www.tenable.com
2606:4700:4400::ac40:92c0  Public Scan

URL: https://www.tenable.com/plugins/nessus/183221
Submission: On October 24 via api from EG — Scanned from DE

RHEL 9 : CURL (RHSA-2023:5763)

HIGH NESSUS PLUGIN ID 183221


SYNOPSIS

The remote Red Hat host is missing one or more security updates.


DESCRIPTION

The remote Red Hat Enterprise Linux 9 host has packages installed that are
affected by multiple vulnerabilities as referenced in the RHSA-2023:5763
advisory.

- CVE-2023-38545 is a heap-based buffer overflow vulnerability in the SOCKS5
proxy handshake in libcurl and curl. When curl is given a hostname to pass along
to a SOCKS5 proxy that is greater than 255 bytes in length, it will switch to
local name resolution in order to resolve the address before passing it on to
the SOCKS5 proxy. However, due to a bug introduced in 2020, this local name
resolution could fail due to a slow SOCKS5 handshake, causing curl to pass on
the hostname greater than 255 bytes in length into the target buffer, leading to
a heap overflow. The advisory for CVE-2023-38545 gives an example exploitation
scenario of a malicious HTTPS server redirecting to a specially crafted URL.
While it might seem that an attacker would need to influence the slowness of the
SOCKS5 handshake, the advisory states that server latency is likely slow enough
to trigger this bug. (CVE-2023-38545)

- CVE-2023-38546 is a cookie injection vulnerability in
curl_easy_duphandle(), a function in libcurl that duplicates easy handles. When
duplicating an easy handle, if cookies are enabled, the duplicated easy handle
will not duplicate the cookies themselves, but would instead set the filename to
'none'. Therefore, when the duplicated easy handle is subsequently used, if a
source was not set for the cookies, libcurl would attempt to load them from the
file named 'none' on the disk. This vulnerability is rated low, as the various
conditions required for exploitation are unlikely. (CVE-2023-38546)

Note that Nessus has not tested for these issues but has instead relied only on
the application's self-reported version number.


SOLUTION

Update the affected packages.


SEE ALSO

https://access.redhat.com/security/cve/CVE-2023-38545

https://access.redhat.com/security/cve/CVE-2023-38546

https://access.redhat.com/errata/RHSA-2023:5763

PLUGIN DETAILS

Severity: High

ID: 183221

File Name: redhat-RHSA-2023-5763.nasl

Version: 1.2

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 10/17/2023

Updated: 10/18/2023





Supported Sensors: Agentless Assessment, Frictionless Assessment Agent,
Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

RISK INFORMATION



VPR

Risk Factor: Critical

Score: 9.4

CVSS V2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P



CVSS Score Source: CVE-2023-38545

CVSS V3

Risk Factor: High

Base Score: 8.4

Temporal Score: 7.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C



VULNERABILITY INFORMATION

CPE: cpe:/o:redhat:enterprise_linux:9, cpe:/o:redhat:rhel_aus:9.2,
cpe:/o:redhat:rhel_e4s:9.2, cpe:/o:redhat:rhel_eus:9.2,
p-cpe:/a:redhat:enterprise_linux:curl,
p-cpe:/a:redhat:enterprise_linux:curl-minimal,
p-cpe:/a:redhat:enterprise_linux:libcurl,
p-cpe:/a:redhat:enterprise_linux:libcurl-devel,
p-cpe:/a:redhat:enterprise_linux:libcurl-minimal

Required KB Items: Host/local_checks_enabled, Host/RedHat/release,
Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available



Patch Publication Date: 10/17/2023

Vulnerability Publication Date: 10/10/2023



REFERENCE INFORMATION

CVE: CVE-2023-38545, CVE-2023-38546

CWE: 119, 73

IAVA: 2023-A-0531

RHSA: 2023:5763
