ID CVE-2016-9594
Summary curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
References
Vulnerable Configurations
  • Haxx Curl 6.0
    cpe:2.3:a:haxx:curl:6.0
  • Haxx Curl 6.1
    cpe:2.3:a:haxx:curl:6.1
  • Haxx Curl 6.1 beta
    cpe:2.3:a:haxx:curl:6.1:beta
  • Haxx Curl 6.2
    cpe:2.3:a:haxx:curl:6.2
  • Haxx Curl 6.3
    cpe:2.3:a:haxx:curl:6.3
  • Haxx Curl 6.3.1
    cpe:2.3:a:haxx:curl:6.3.1
  • Haxx Curl 6.4
    cpe:2.3:a:haxx:curl:6.4
  • Haxx Curl 6.5
    cpe:2.3:a:haxx:curl:6.5
  • Haxx Curl 6.5.1
    cpe:2.3:a:haxx:curl:6.5.1
  • Haxx Curl 6.5.2
    cpe:2.3:a:haxx:curl:6.5.2
  • Haxx Curl 7.1
    cpe:2.3:a:haxx:curl:7.1
  • Haxx Curl 7.1.1
    cpe:2.3:a:haxx:curl:7.1.1
  • Haxx Curl 7.2
    cpe:2.3:a:haxx:curl:7.2
  • Haxx Curl 7.2.1
    cpe:2.3:a:haxx:curl:7.2.1
  • Haxx Curl 7.3
    cpe:2.3:a:haxx:curl:7.3
  • Haxx Curl 7.4
    cpe:2.3:a:haxx:curl:7.4
  • Haxx Curl 7.4.1
    cpe:2.3:a:haxx:curl:7.4.1
  • Haxx Curl 7.4.2
    cpe:2.3:a:haxx:curl:7.4.2
  • Haxx Curl 7.5
    cpe:2.3:a:haxx:curl:7.5
  • Haxx Curl 7.5.1
    cpe:2.3:a:haxx:curl:7.5.1
  • Haxx Curl 7.5.2
    cpe:2.3:a:haxx:curl:7.5.2
  • Haxx Curl 7.6
    cpe:2.3:a:haxx:curl:7.6
  • Haxx Curl 7.6.1
    cpe:2.3:a:haxx:curl:7.6.1
  • Haxx Curl 7.7
    cpe:2.3:a:haxx:curl:7.7
  • Haxx Curl 7.7.1
    cpe:2.3:a:haxx:curl:7.7.1
  • Haxx Curl 7.7.2
    cpe:2.3:a:haxx:curl:7.7.2
  • Haxx Curl 7.7.3
    cpe:2.3:a:haxx:curl:7.7.3
  • Haxx Curl 7.8
    cpe:2.3:a:haxx:curl:7.8
  • Haxx Curl 7.8.1
    cpe:2.3:a:haxx:curl:7.8.1
  • Haxx Curl 7.9
    cpe:2.3:a:haxx:curl:7.9
  • Haxx Curl 7.9.1
    cpe:2.3:a:haxx:curl:7.9.1
  • Haxx Curl 7.9.2
    cpe:2.3:a:haxx:curl:7.9.2
  • Haxx Curl 7.9.3
    cpe:2.3:a:haxx:curl:7.9.3
  • Haxx Curl 7.9.4
    cpe:2.3:a:haxx:curl:7.9.4
  • Haxx Curl 7.9.5
    cpe:2.3:a:haxx:curl:7.9.5
  • Haxx Curl 7.9.6
    cpe:2.3:a:haxx:curl:7.9.6
  • Haxx Curl 7.9.7
    cpe:2.3:a:haxx:curl:7.9.7
  • Haxx Curl 7.9.8
    cpe:2.3:a:haxx:curl:7.9.8
  • Haxx Curl 7.10
    cpe:2.3:a:haxx:curl:7.10
  • Haxx Curl 7.10.1
    cpe:2.3:a:haxx:curl:7.10.1
  • Haxx Curl 7.10.2
    cpe:2.3:a:haxx:curl:7.10.2
  • Haxx Curl 7.10.3
    cpe:2.3:a:haxx:curl:7.10.3
  • Haxx Curl 7.10.4
    cpe:2.3:a:haxx:curl:7.10.4
  • Haxx Curl 7.10.5
    cpe:2.3:a:haxx:curl:7.10.5
  • Haxx Curl 7.10.6
    cpe:2.3:a:haxx:curl:7.10.6
  • Haxx Curl 7.10.7
    cpe:2.3:a:haxx:curl:7.10.7
  • Haxx Curl 7.10.8
    cpe:2.3:a:haxx:curl:7.10.8
  • Haxx Curl 7.11.0
    cpe:2.3:a:haxx:curl:7.11.0
  • Haxx Curl 7.11.1
    cpe:2.3:a:haxx:curl:7.11.1
  • Haxx Curl 7.11.2
    cpe:2.3:a:haxx:curl:7.11.2
  • Haxx Curl 7.12.0
    cpe:2.3:a:haxx:curl:7.12.0
  • Haxx Curl 7.12.1
    cpe:2.3:a:haxx:curl:7.12.1
  • Haxx Curl 7.12.2
    cpe:2.3:a:haxx:curl:7.12.2
  • Haxx Curl 7.12.3
    cpe:2.3:a:haxx:curl:7.12.3
  • Haxx Curl 7.13.0
    cpe:2.3:a:haxx:curl:7.13.0
  • Haxx Curl 7.13.1
    cpe:2.3:a:haxx:curl:7.13.1
  • Haxx Curl 7.13.2
    cpe:2.3:a:haxx:curl:7.13.2
  • Haxx Curl 7.14.0
    cpe:2.3:a:haxx:curl:7.14.0
  • Haxx Curl 7.14.1
    cpe:2.3:a:haxx:curl:7.14.1
  • Haxx Curl 7.15.0
    cpe:2.3:a:haxx:curl:7.15.0
  • Haxx Curl 7.15.1
    cpe:2.3:a:haxx:curl:7.15.1
  • Haxx Curl 7.15.2
    cpe:2.3:a:haxx:curl:7.15.2
  • Haxx Curl 7.15.3
    cpe:2.3:a:haxx:curl:7.15.3
  • Haxx Curl 7.15.4
    cpe:2.3:a:haxx:curl:7.15.4
  • Haxx Curl 7.15.5
    cpe:2.3:a:haxx:curl:7.15.5
  • Haxx Curl 7.16.0
    cpe:2.3:a:haxx:curl:7.16.0
  • Haxx Curl 7.16.1
    cpe:2.3:a:haxx:curl:7.16.1
  • Haxx Curl 7.16.2
    cpe:2.3:a:haxx:curl:7.16.2
  • Haxx Curl 7.16.3
    cpe:2.3:a:haxx:curl:7.16.3
  • Haxx Curl 7.16.4
    cpe:2.3:a:haxx:curl:7.16.4
  • Haxx Curl 7.17.0
    cpe:2.3:a:haxx:curl:7.17.0
  • Haxx Curl 7.17.1
    cpe:2.3:a:haxx:curl:7.17.1
  • Haxx Curl 7.18.0
    cpe:2.3:a:haxx:curl:7.18.0
  • Haxx Curl 7.18.1
    cpe:2.3:a:haxx:curl:7.18.1
  • Haxx Curl 7.18.2
    cpe:2.3:a:haxx:curl:7.18.2
  • Haxx Curl 7.19.0
    cpe:2.3:a:haxx:curl:7.19.0
  • Haxx Curl 7.19.1
    cpe:2.3:a:haxx:curl:7.19.1
  • Haxx Curl 7.19.2
    cpe:2.3:a:haxx:curl:7.19.2
  • Haxx Curl 7.19.3
    cpe:2.3:a:haxx:curl:7.19.3
  • Haxx Curl 7.19.4
    cpe:2.3:a:haxx:curl:7.19.4
  • Haxx Curl 7.19.5
    cpe:2.3:a:haxx:curl:7.19.5
  • Haxx Curl 7.19.6
    cpe:2.3:a:haxx:curl:7.19.6
  • Haxx Curl 7.19.7
    cpe:2.3:a:haxx:curl:7.19.7
  • Haxx Curl 7.20.0
    cpe:2.3:a:haxx:curl:7.20.0
  • Haxx Curl 7.20.1
    cpe:2.3:a:haxx:curl:7.20.1
  • Haxx Curl 7.21.0
    cpe:2.3:a:haxx:curl:7.21.0
  • Haxx Curl 7.21.1
    cpe:2.3:a:haxx:curl:7.21.1
  • Haxx Curl 7.21.2
    cpe:2.3:a:haxx:curl:7.21.2
  • Haxx Curl 7.21.3
    cpe:2.3:a:haxx:curl:7.21.3
  • Haxx Curl 7.21.4
    cpe:2.3:a:haxx:curl:7.21.4
  • Haxx Curl 7.21.5
    cpe:2.3:a:haxx:curl:7.21.5
  • Haxx Curl 7.21.6
    cpe:2.3:a:haxx:curl:7.21.6
  • Haxx Curl 7.21.7
    cpe:2.3:a:haxx:curl:7.21.7
  • Haxx Curl 7.22.0
    cpe:2.3:a:haxx:curl:7.22.0
  • Haxx Curl 7.23.0
    cpe:2.3:a:haxx:curl:7.23.0
  • Haxx Curl 7.23.1
    cpe:2.3:a:haxx:curl:7.23.1
  • Haxx Curl 7.24.0
    cpe:2.3:a:haxx:curl:7.24.0
  • Haxx Curl 7.25.0
    cpe:2.3:a:haxx:curl:7.25.0
  • Haxx Curl 7.26.0
    cpe:2.3:a:haxx:curl:7.26.0
  • Haxx Curl 7.27.0
    cpe:2.3:a:haxx:curl:7.27.0
  • Haxx Curl 7.28.0
    cpe:2.3:a:haxx:curl:7.28.0
  • Haxx Curl 7.28.1
    cpe:2.3:a:haxx:curl:7.28.1
  • Haxx Curl 7.29.0
    cpe:2.3:a:haxx:curl:7.29.0
  • Haxx Curl 7.30.0
    cpe:2.3:a:haxx:curl:7.30.0
  • Haxx Curl 7.31.0
    cpe:2.3:a:haxx:curl:7.31.0
  • Haxx Curl 7.32.0
    cpe:2.3:a:haxx:curl:7.32.0
  • Haxx Curl 7.33.0
    cpe:2.3:a:haxx:curl:7.33.0
  • Haxx Curl 7.34.0
    cpe:2.3:a:haxx:curl:7.34.0
  • Haxx Curl 7.35.0
    cpe:2.3:a:haxx:curl:7.35.0
  • Haxx Curl 7.36.0
    cpe:2.3:a:haxx:curl:7.36.0
  • Haxx Curl 7.37.0
    cpe:2.3:a:haxx:curl:7.37.0
  • Haxx Curl 7.37.1
    cpe:2.3:a:haxx:curl:7.37.1
  • Haxx Curl 7.38.0
    cpe:2.3:a:haxx:curl:7.38.0
  • Haxx Curl 7.39.0
    cpe:2.3:a:haxx:curl:7.39.0
  • Haxx Curl 7.40.0
    cpe:2.3:a:haxx:curl:7.40.0
  • Haxx Curl 7.41.0
    cpe:2.3:a:haxx:curl:7.41.0
  • Haxx Curl 7.42.0
    cpe:2.3:a:haxx:curl:7.42.0
  • Haxx Curl 7.42.1
    cpe:2.3:a:haxx:curl:7.42.1
  • Haxx Curl 7.43.0
    cpe:2.3:a:haxx:curl:7.43.0
  • Haxx Curl 7.44.0
    cpe:2.3:a:haxx:curl:7.44.0
  • Haxx Curl 7.45.0
    cpe:2.3:a:haxx:curl:7.45.0
  • Haxx Curl 7.46.0
    cpe:2.3:a:haxx:curl:7.46.0
  • Haxx Curl 7.47.0
    cpe:2.3:a:haxx:curl:7.47.0
  • Haxx Curl 7.47.1
    cpe:2.3:a:haxx:curl:7.47.1
  • Haxx Curl 7.48.0
    cpe:2.3:a:haxx:curl:7.48.0
  • Haxx Curl 7.49.0
    cpe:2.3:a:haxx:curl:7.49.0
  • Haxx Curl 7.49.1
    cpe:2.3:a:haxx:curl:7.49.1
  • Haxx Curl 7.50.0
    cpe:2.3:a:haxx:curl:7.50.0
  • Haxx Curl 7.50.1
    cpe:2.3:a:haxx:curl:7.50.1
  • Haxx Curl 7.50.2
    cpe:2.3:a:haxx:curl:7.50.2
  • Haxx Curl 7.50.3
    cpe:2.3:a:haxx:curl:7.50.3
  • Haxx Curl 7.51.0
    cpe:2.3:a:haxx:curl:7.51.0
  • Haxx Curl 7.52.0
    cpe:2.3:a:haxx:curl:7.52.0
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-665
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
nessus via4
  • NASL family Misc.
    NASL id SECURITYCENTER_5_4_3_TNS_2017_04.NASL
    description According to its version, the installation of Tenable SecurityCenter on the remote host is affected by multiple vulnerabilities : - A flaw exists in the mod_session_crypto module due to encryption for data and cookies using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default). An unauthenticated, remote attacker can exploit this, via a padding oracle attack, to decrypt information without knowledge of the encryption key, resulting in the disclosure of potentially sensitive information. (CVE-2016-0736) - A denial of service vulnerability exists in the mod_auth_digest module during client entry allocation. An unauthenticated, remote attacker can exploit this, via specially crafted input, to exhaust shared memory resources, resulting in a server crash. (CVE-2016-2161) - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated. (CVE-2016-5387, CVE-2016-1000102, CVE-2016-1000104) - A carry propagation error exists in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055) - A denial of service vulnerability exists in the mod_http2 module due to improper handling of the LimitRequestFields directive. An unauthenticated, remote attacker can exploit this, via specially crafted CONTINUATION frames in an HTTP/2 request, to inject unlimited request headers into the server, resulting in the exhaustion of memory resources. (CVE-2016-8740) - A flaw exists due to improper handling of whitespace patterns in user-agent headers. An unauthenticated, remote attacker can exploit this, via a specially crafted user-agent header, to cause the program to incorrectly process sequences of requests, resulting in interpreting responses incorrectly, polluting the cache, or disclosing the content from one request to a second downstream user-agent. (CVE-2016-8743) - A flaw exits in libcurl in the randit() function within file lib/rand.c due to improper initialization of the 32-bit random value, which is used, for example, to generate Digest and NTLM authentication nonces, resulting in weaker cryptographic operations than expected. (CVE-2016-9594) - A floating pointer exception flaw exists in the exif_convert_any_to_int() function in exif.c that is triggered when handling TIFF and JPEG image tags. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10158) - An integer overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper validation when handling phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10159) - An off-by-one overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10160) - An out-of-bounds read error exists in the finish_nested_data() function in var_unserializer.c due to improper validation of unserialized data. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition or the disclosure of memory contents. (CVE-2016-10161) - A denial of service vulnerability exists in the gdImageCreateFromGd2Ctx() function within file gd_gd2.c in the GD Graphics Library (LibGD) when handling images claiming to contain more image data than they actually do. An unauthenticated, remote attacker can exploit this to crash a process linked against the library. (CVE-2016-10167) - An out-of-bounds read error exists when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731) - A carry propagating error exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys. Note that this issue is very similar to CVE-2015-3193. Moreover, the attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example, this can occur by default in OpenSSL DHE based SSL/TLS cipher suites. (CVE-2017-3732) - An out-of-bounds read error exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. - Multiple stored cross-site scripting (XSS) vulnerabilities exist in unspecified scripts due to a failure to validate input before returning it to users. An authenticated, remote authenticated attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 97726
    published 2017-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97726
    title Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C40CA16C4D9F4D708B6C4D53AEB8EAD4.NASL
    description Project curl Security Advisory : libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. This random value is used to generate nonces for Digest and NTLM authentication, for generating boundary strings in HTTP formposts and more. Having a weak or virtually non-existent random there makes these operations vulnerable. This function is brand new in 7.52.0 and is the result of an overhaul to make sure libcurl uses strong random as much as possible - provided by the backend TLS crypto libraries when present. The faulty function was introduced in this commit. We are not aware of any exploit of this flaw.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 96120
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96120
    title FreeBSD : cURL -- uninitialized random vulnerability (c40ca16c-4d9f-4d70-8b6c-4d53aeb8ead4)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-47.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-47 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers and bug reports referenced for details. Impact : Remote attackers could conduct a Man-in-the-Middle attack to obtain sensitive information, cause a Denial of Service condition, or execute arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-01-20
    plugin id 96644
    published 2017-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96644
    title GLSA-201701-47 : cURL: Multiple vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2017-003.NASL
    description The remote host is running Mac OS X 10.10.5, Mac OS X 10.11.6, or macOS 10.12.5 and is missing a security update. It is therefore, affected by multiple vulnerabilities : - An overflow condition exists in the curl component in the dprintf_formatf() function that is triggered when handling floating point conversion. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9586) - A flaw exits in the curl component in the randit() function within file lib/rand.c due to improper initialization of the 32-bit random value, which is used, for example, to generate Digest and NTLM authentication nonces, resulting in weaker cryptographic operations than expected. (CVE-2016-9594) - A flaw exists in the curl component in the allocate_conn() function in lib/url.c when using the OCSP stapling feature for checking a X.509 certificate revocation status. The issue is triggered as the request option for OCSP stapling is not properly passed to the TLS library, resulting in no error being returned even when no proof of the validity of the certificate could be provided. A man-in-the-middle attacker can exploit this to provide a revoked certificate. (CVE-2017-2629) - A remote code execution vulnerability exists in the CoreAudio component due to improper validation of user-supplied input when handling movie files. An unauthenticated, remote attacker can exploit this, by convincing a user to play a specially crafted movie file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7008) - A memory corruption issue exists in the IOUSBFamily component due to improper validation of user-supplied input. A local attacker can exploit this, via a specially crafted application, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7009) - Multiple out-of-bounds read errors exist in the libxml2 component due to improper handling of specially crafted XML documents. An unauthenticated, remote attacker can exploit these to disclose user information. (CVE-2017-7010, CVE-2017-7013) - Multiple memory corruption issues exist in the Intel Graphics Driver component due to improper validation of input. A local attacker can exploit these issues to execute arbitrary code with elevated privileges. (CVE-2017-7014, CVE-2017-7017, CVE-2017-7035, CVE-2017-7044) - A remote code execution vulnerability exists in the Audio component due to improper validation of user-supplied input when handling audio files. An unauthenticated, remote attacker can exploit this, by convincing a user to play a specially crafted audio file, to execute arbitrary code. (CVE-2017-7015) - Multiple remote code execution vulnerabilities exist in the afclip component due to improper validation of user-supplied input when handling audio files. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to play a specially crafted audio file, to execute arbitrary code. (CVE-2017-7016, CVE-2017-7033) - A memory corruption issue exists in the AppleGraphicsPowerManagement component due to improper validation of input. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code with system privileges. (CVE-2017-7021) - Multiple memory corruption issues exist in the kernel due to improper validation of input. A local attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code with system privileges. (CVE-2017-7022, CVE-2017-7024, CVE-2017-7026) - Multiple memory corruption issues exist in the kernel due to improper validation of input. A local attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code with kernel privileges. (CVE-2017-7023, CVE-2017-7025, CVE-2017-7027, CVE-2017-7069) - Multiple unspecified flaws exist in the kernel due to a failure to properly sanitize input. A local attacker can exploit these issues, via a specially crafted application, to disclose restricted memory contents. (CVE-2017-7028, CVE-2017-7029, CVE-2017-7067) - A flaw exists in the Foundation component due to improper validation of input. A unauthenticated, remote attacker can exploit this, by convincing a user to open specially crafted file, to execute arbitrary code. (CVE-2017-7031) - A memory corruption issue exists in the 'kext tools' component due to improper validation of input. A local attacker can exploit this to execute arbitrary code with elevated privileges. (CVE-2017-7032) - Multiple unspecified flaws exist in the Intel Graphics Driver component due to a failure to properly sanitize input. A local attacker can exploit these issues, via a specially crafted application, to disclose restricted memory contents. (CVE-2017-7036, CVE-2017-7045) - A memory corruption issue exists in the libxpc component due to improper validation of input. A local attacker can exploit this issue, via a specifically crafted application, to cause a denial of service condition or the execution of arbitrary code with system privileges. (CVE-2017-7047) - Multiple memory corruption issues exist in the Bluetooth component due to improper validation of input. A local attacker can exploit these issues to execute arbitrary code with system privileges. (CVE-2017-7050, CVE-2017-7051) - A memory corruption issue exists in the Bluetooth component due to improper validation of input. A local attacker can exploit these issues to execute arbitrary code with system privileges. (CVE-2017-7054) - A buffer overflow condition exists in the Contacts component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7062) - A buffer overflow condition exists in the libarchive component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted archive file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7068) - A certificate validation bypass vulnerability exists in the curl component due to the program attempting to resume TLS sessions even if the client certificate fails. An unauthenticated, remote attacker can exploit this to bypass validation mechanisms. (CVE-2017-7468) - A memory corruption issue exists in the Broadcom BCM43xx family Wi-Fi Chips component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-9417)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 101957
    published 2017-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101957
    title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-003)
refmap via4
bid 95094
confirm
gentoo GLSA-201701-47
misc https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594
sectrack 1037528
Last major update 23-04-2018 - 15:29
Published 23-04-2018 - 15:29
Last modified 25-05-2018 - 08:57
Back to Top