Sid 1-41853

Message

OS-LINUX cURL and libcurl set-cookie remote code execution attempt

Summary

This event is generated when a remote code execution attempt is detected in cURL or libcurl.

Impact

Attempted User Privilege Gain

CVE-2015-3145:

CVSS base score 7.5

CVSS impact score 6.4

CVSS exploitability score 10.0

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Detailed information

CVE-2015-3145: The sanitizecookiepath function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Affected systems

• haxx curl 7.31.0
• haxx curl 7.32.0
• haxx curl 7.33.0
• haxx curl 7.34.0
• haxx curl 7.35.0
• haxx curl 7.36.0
• haxx curl 7.37.0
• haxx curl 7.37.1
• haxx curl 7.38.0
• haxx curl 7.39.0
• haxx curl 7.40.0
• haxx curl 7.41.0
• haxx libcurl 7.30.0
• haxx libcurl 7.31.0
• haxx libcurl 7.32.0
• haxx libcurl 7.33.0
• haxx libcurl 7.34.0
• haxx libcurl 7.35.0
• haxx libcurl 7.36.0
• haxx libcurl 7.37.0
• haxx libcurl 7.37.1
• haxx libcurl 7.38.0
• haxx libcurl 7.39
• haxx libcurl 7.40.0
• haxx libcurl 7.41.0
• hp systemmanagementhomepage 7.5.3.1
• apple macosx 10.10.0
• apple macosx 10.10.1
• apple macosx 10.10.2
• apple macosx 10.10.3
• apple macosx 10.10.4
• canonical ubuntu_linux 12.04
• canonical ubuntu_linux 14.04
• canonical ubuntu_linux 14.10
• canonical ubuntu_linux 15.04
• debian debian_linux 7.0
• fedoraproject fedora 21
• fedoraproject fedora 22
• novell opensuse 13.1
• novell opensuse 13.2
• oracle solaris 11.3

Ease of attack

CVE-2015-3145:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None Known

False negatives

None Known

Corrective action

Contributors

• Cisco's Talos Intelligence Group

Additional References