Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04 LTS
Description
It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141)
Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167)
It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615)
It was discovered that curl incorrect handled case when comparing usernames and passwords. A remote attacker with knowledge of a case-insensitive version of the correct password could possibly use this issue to cause a connection to be reused. (CVE-2016-8616)
It was discovered that curl incorrect handled memory when encoding tobase64. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8617)
It was discovered that curl incorrect handled memory when preparing formatted output. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8618)
It was discovered that curl incorrect handled memory when performing Kerberos authentication. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8619)
Luật Nguyễn discovered that curl incorrectly handled parsing globs. A remote attacker could possibly use this issue to cause curl to crash,resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.(CVE-2016-8620)
Luật Nguyễn discovered that curl incorrectly handled converting dates. A remote attacker could possibly use this issue to cause curl to crash,resulting in a denial of service. (CVE-2016-8621)
It was discovered that curl incorrectly handled URL percent-encoding decoding. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8622)
It was discovered that curl incorrectly handled shared cookies. A remote server could possibly obtain incorrect cookies or other sensitive information. (CVE-2016-8623)
Fernando Muñoz discovered that curl incorrect parsed certain URLs. A remote attacker could possibly use this issue to trick curl into connecting to a different host. (CVE-2016-8624)
Affected Products and Versions
Severity is medium unless otherwise noted.
- Cloud Foundry BOSH stemcells are vulnerable, including:
- All versions prior to 3151.5
- 3233.x versions prior to 3233.6
- 3263.x versions prior to 3263.12
- 3312.x versions prior to 3312.7
- All other versions
- All versions of Cloud Foundry cflinuxfs2 prior to v.1.90.0
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading to the following BOSH stemcells:
- Upgrade all lower versions of 3151.x to version 3151.5
- Upgrade all lower versions of 3233.x to version 3233.6
- Upgrade all lower versions of 3263.x to version 3263.12
- Upgrade all lower versions of 3312.x to version 3312.7
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.90.0 or later versions
Credit
Luật Nguyễn, Fernando Muñoz, Nguyen Vu Hoang
References
- https://www.ubuntu.com/usn/USN-3123-1
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7141
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7167
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8615
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8616
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8617
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8618
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8619
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8620
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8621
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8622
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8623
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8624
