Vulnerabilities detected in curl.exe on Enterprise Vault (EV) Servers.

Article ID: 100052406

Description

Error Message

Vulnerability 1:

A vulnerability has been reported in cURL and libcURL, which can be exploited by malicious people to disclose sensitive information.
1) An error when automatically populating the Referer HTTP request header field can be exploited to disclose user credentials embedded in the URL to an unrelated server.
Successful exploitation of the vulnerability requires the Referer HTTP request header to be automatically populated.
The vulnerability is reported in versions 7.1.1 through 7.75.0.

Solution:
Update to version 7.76.0.

Original Advisory:
https://curl.se/docs/CVE-2021-22876.html

Path:
InstallDrive:\Program Files (x86)\Enterprise Vault\EVIndexing\bin\curl.exe


Vulnerability 2:

Description:
Multiple vulnerabilities have been reported in cURL / libcURL, which can be exploited by malicious people to conduct spoofing attacks, disclose sensitive information, and cause a DoS (Denial of Service).

1) A double free error when sending data to an MQTT server can be exploited to cause a DoS condition.

2) An error related to upgrading TLS can be exploited to disclose certain information.

3) An error when using STARTTLS for an IMAP, POP3, SMTP, or FTP connection can be exploited to spoof server responses via a MitM (Man-in-the-middle) attack.

The vulnerabilities are reported in versions prior to 7.79.0.

Solution:
Update to version 7.79.0.

Original Advisory:
https://curl.se/docs/CVE-2021-22945.html
https://curl.se/docs/CVE-2021-22946.html
https://curl.se/docs/CVE-2021-22947.html
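As an added example (not code from this article, from Veritas, or from the curl project), the following Python checks a captured `curl.exe --version` line against the two affected version ranges listed above, and shows the credential stripping a patched curl applies when deriving the Referer value described under Vulnerability 1. The version output and URL are constructed sample inputs.

```python
"""Added example: version-range check for the two curl advisories above,
plus the Referer sanitisation that fixed curl applies (userinfo removed)."""
import re
from urllib.parse import urlsplit, urlunsplit

# Affected ranges exactly as stated in the advisory text:
#   CVE-2021-22876: 7.1.1 through 7.75.0, fixed in 7.76.0
#   CVE-2021-22945/22946/22947: prior to 7.79.0 (no lower bound given)
ADVISORIES = [
    ("CVE-2021-22876", (7, 1, 1), (7, 76, 0)),
    ("CVE-2021-22945/22946/22947", (0, 0, 0), (7, 79, 0)),
]

# Constructed sample of the first line printed by `curl.exe --version`.
SAMPLE_VERSION_OUTPUT = "curl 7.75.0 (x86_64-pc-win32) libcurl/7.75.0 Schannel"


def parse_curl_version(output: str) -> tuple:
    """Return (major, minor, patch) from the first line of curl --version."""
    m = re.match(r"curl (\d+)\.(\d+)\.(\d+)", output)
    if not m:
        raise ValueError("unrecognised curl --version output")
    return tuple(int(x) for x in m.groups())


def affected_advisories(version: tuple) -> list:
    """Names of the advisories whose range [low, fixed) contains version."""
    return [name for name, low, fixed in ADVISORIES if low <= version < fixed]


def referer_for(url: str) -> str:
    """Value a fixed curl sends as Referer for a request to `url`:
    userinfo (user:password@) and fragment are dropped. A curl in the
    CVE-2021-22876 range kept the userinfo, leaking the credentials to
    whichever server the follow-up request went to."""
    p = urlsplit(url)
    host = p.netloc.rsplit("@", 1)[-1]  # keep host[:port], drop userinfo
    return urlunsplit((p.scheme, host, p.path, p.query, ""))


if __name__ == "__main__":
    v = parse_curl_version(SAMPLE_VERSION_OUTPUT)
    print(v, affected_advisories(v))
    print(referer_for("https://user:secret@example.com:8443/a/b?x=1#frag"))
```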

Resolution

This issue is currently under investigation by Veritas Technologies LLC. Pending the outcome of the investigation, this issue may be resolved by way of a patch or hotfix in current or future revisions of the software. However, this particular issue is not currently scheduled for any release. If you feel this issue has a direct business impact for you and your continued use of the product, please contact your Veritas Sales representative or the Veritas Sales group to discuss these concerns.
Note: Customers experiencing this issue are encouraged to contact Veritas Technical Support as data is still being collected to assist in resolving this issue.

Issue/Introduction

Certain security solutions can detect vulnerabilities with curl.exe at the following location on the EV Server: InstallDrive:\Program Files (x86)\Enterprise Vault\EVIndexing\bin\curl.exe.

Additional Information

JIRA: CFT-7271, CFT-4314, CFT-3809, CFT-4105