www.tenable.com
2606:4700:4400::ac40:92c0
Public Scan
URL: https://www.tenable.com/plugins/nessus/183221
Submission: On October 24 via api from EG — Scanned from DE
Form analysis
0 forms found in the DOM

Text Content
RHEL 9 : CURL (RHSA-2023:5763)
HIGH
NESSUS PLUGIN ID 183221

SYNOPSIS
The remote Red Hat host is missing one or more security updates.

DESCRIPTION
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5763 advisory.

- CVE-2023-38545 is a heap-based buffer overflow vulnerability in the SOCKS5 proxy handshake in libcurl and curl.
When curl is given a hostname to pass along to a SOCKS5 proxy that is greater than 255 bytes in length, it will switch to local name resolution in order to resolve the address before passing it on to the SOCKS5 proxy. However, due to a bug introduced in 2020, this local name resolution could fail due to a slow SOCKS5 handshake, causing curl to pass on the hostname greater than 255 bytes in length into the target buffer, leading to a heap overflow. The advisory for CVE-2023-38545 gives an example exploitation scenario of a malicious HTTPS server redirecting to a specially crafted URL. While it might seem that an attacker would need to influence the slowness of the SOCKS5 handshake, the advisory states that server latency is likely slow enough to trigger this bug. (CVE-2023-38545)

- CVE-2023-38546 is a cookie injection vulnerability in curl_easy_duphandle(), a function in libcurl that duplicates easy handles. When duplicating an easy handle, if cookies are enabled, the duplicated easy handle will not duplicate the cookies themselves, but would instead set the filename to 'none'. Therefore, when the duplicated easy handle is subsequently used, if a source was not set for the cookies, libcurl would attempt to load them from the file named 'none' on the disk. This vulnerability is rated low, as the various conditions required for exploitation are unlikely. (CVE-2023-38546)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

SOLUTION
Update the affected packages.
SEE ALSO
https://access.redhat.com/security/cve/CVE-2023-38545
https://access.redhat.com/security/cve/CVE-2023-38546
https://access.redhat.com/errata/RHSA-2023:5763

PLUGIN DETAILS
Severity: High
ID: 183221
File Name: redhat-RHSA-2023-5763.nasl
Version: 1.2
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 10/17/2023
Updated: 10/18/2023
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

RISK INFORMATION
VPR
Risk Factor: Critical
Score: 9.4

CVSS V2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2023-38545

CVSS V3
Risk Factor: High
Base Score: 8.4
Temporal Score: 7.6
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

VULNERABILITY INFORMATION
CPE: cpe:/o:redhat:enterprise_linux:9, cpe:/o:redhat:rhel_aus:9.2, cpe:/o:redhat:rhel_e4s:9.2, cpe:/o:redhat:rhel_eus:9.2, p-cpe:/a:redhat:enterprise_linux:curl, p-cpe:/a:redhat:enterprise_linux:curl-minimal, p-cpe:/a:redhat:enterprise_linux:libcurl, p-cpe:/a:redhat:enterprise_linux:libcurl-devel, p-cpe:/a:redhat:enterprise_linux:libcurl-minimal
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/17/2023
Vulnerability Publication Date: 10/10/2023

REFERENCE INFORMATION
CVE: CVE-2023-38545, CVE-2023-38546
CWE: 119, 73
IAVA: 2023-A-0531
RHSA: 2023:5763