FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cURL -- uninitialized random vulnerability

Affected packages
7.52.0 <= curl < 7.52.1

Details

VuXML ID c40ca16c-4d9f-4d70-8b6c-4d53aeb8ead4
Discovery 2016-12-23
Entry 2016-12-24

Project curl Security Advisory:

libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to.

This random value is used to generate nonces for Digest and NTLM authentication, for generating boundary strings in HTTP formposts and more. Having a weak or virtually non-existent random there makes these operations vulnerable.

This function is brand new in 7.52.0 and is the result of an overhaul to make sure libcurl uses strong random as much as possible - provided by the backend TLS crypto libraries when present. The faulty function was introduced in this commit.

We are not aware of any exploit of this flaw.

References

CVE Name CVE-2016-9594
URL https://curl.haxx.se/docs/adv_20161223.html