Bugzilla – Bug 1032309
VUL-0: CVE-2017-7407: curl: ourWriteOut function might allow physically proximate attacker to obtain sensitive information
Last modified: 2018-09-05 11:05:58 UTC
CVE-2017-7407 The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. Upstream Fix: https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13 The affected function 'void ourWriteOut(CURL *curl, char *writeinfo)' in SLE-10-SP3, SLE-11-SP1 and SLE-11-SP3 is located in src/writeout.c. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7407 http://www.cvedetails.com/cve/CVE-2017-7407/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407
Upstream advisory: https://curl.haxx.se/docs/adv_20170403.html
There were two bugs in the write_out code, upstream commits are: https://github.com/curl/curl/commit/1890d59905414ab84a https://github.com/curl/curl/commit/8e65877870c1 Combined patch: https://curl.haxx.se/CVE-2017-7407.patch
Created attachment 720104 [details] Upstream patches for SLE-10, 11 and 12.
This bug has been included in the following requests: SUSE:SLE-12:Update 7.37.0 curl-7.37-CVE-2017-7407.patch mr#130410 SUSE:SLE-11-SP3:Update 7.19.7 curl-7.19-CVE-2017-7407.patch sr#130452 SUSE:SLE-11-SP1:Update 7.19.7 curl-7.19-CVE-2017-7407.patch sr#130459 SUSE:SLE-10-SP3:Update 7.15.1 curl-7.15-CVE-2017-7407.patch sr#130442 Patches attached using those mentioned in Comment#2. Reassigning bug to the security-team.
SUSE-SU-2017:1042-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1015332,1027712,1032309 CVE References: CVE-2016-9586,CVE-2017-7407 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP2 (src): curl-7.37.0-36.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): curl-7.37.0-36.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): curl-7.37.0-36.1 SUSE Linux Enterprise Server 12-SP2 (src): curl-7.37.0-36.1 SUSE Linux Enterprise Server 12-SP1 (src): curl-7.37.0-36.1 SUSE Linux Enterprise Desktop 12-SP2 (src): curl-7.37.0-36.1 SUSE Linux Enterprise Desktop 12-SP1 (src): curl-7.37.0-36.1 OpenStack Cloud Magnum Orchestration 7 (src): curl-7.37.0-36.1
SUSE-SU-2017:1043-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1015332,1032309 CVE References: CVE-2016-9586,CVE-2017-7407 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): curl-7.19.7-1.69.1 SUSE Linux Enterprise Server 11-SP4 (src): curl-7.19.7-1.69.1 SUSE Linux Enterprise Server 11-SECURITY (src): curl-openssl1-7.19.7-1.69.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): curl-7.19.7-1.69.1
openSUSE-SU-2017:1105-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1015332,1027712,1032309 CVE References: CVE-2016-9586,CVE-2017-7407 Sources used: openSUSE Leap 42.2 (src): curl-7.37.0-16.3.1 openSUSE Leap 42.1 (src): curl-7.37.0-19.1
SUSE-SU-2017:1117-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1015332,1032309 CVE References: CVE-2016-9586,CVE-2017-7407 Sources used: SUSE Studio Onsite 1.3 (src): curl-7.19.7-1.20.52.2
released
SUSE-SU-2017:2312-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1015332,1032309,1051644 CVE References: CVE-2016-9586,CVE-2017-1000100,CVE-2017-7407 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): curl-7.19.7-1.70.3.1 SUSE Linux Enterprise Server 11-SP4 (src): curl-7.19.7-1.70.3.1 SUSE Linux Enterprise Server 11-SECURITY (src): curl-openssl1-7.19.7-1.70.3.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): curl-7.19.7-1.70.3.1