Download
| Alert*
|
oval:org.secpod.oval:def:2103369
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. oval:org.secpod.oval:def:44840 The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle bounds checking. Successful exploitation leads to integer overflow. oval:org.secpod.oval:def:1800914 CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions: libcurl 7.36.0 to and including 7.56.1 Not affected versions: libcurl = 7.57.0 oval:org.secpod.oval:def:89002100 This update for curl fixes the following issues: Security issues fixed: - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code . - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function . oval:org.secpod.oval:def:113749 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:505099 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd , httpd ... oval:org.secpod.oval:def:1600831 The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service or possibly have unspecified other impact via vectors involving long user and password fields. The FTP wildcard function in curl and libcurl before 7.57.0 allows remot ... oval:org.secpod.oval:def:114544 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:53198 Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8 ... oval:org.secpod.oval:def:1700125 libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad le ... oval:org.secpod.oval:def:603189 Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8 ... oval:org.secpod.oval:def:113718 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:51949 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:703912 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1800813 CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions: libcurl 7.36.0 to and including 7.56.1 Not affected versions: libcurl = 7.57.0 oval:org.secpod.oval:def:1800208 CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions libcurl 7.36.0 to and including 7.56.1 Not affected versions libcurl = 7.57.0 |
