List: oss-security
Subject: Re: [oss-security] CVE Request -- cURL / mingw32-cURL -- Did not
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-10-13 18:58:30
Message-ID: 686600886.443491286996310869.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Please use CVE-2010-3842
Thanks.
--
JB
----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
> Hello Steve, vendors,
>
> cURL upstream has released new curl / libcurl v7.21.2 addressing one
> security flaw, specific to operating systems where backslashes are used
> to separate directories from file names. More details follow:
>
> cURL did not properly cut off directory parts from the user-provided
> file name to be downloaded on operating systems where backslashes
> are used to separate directories and file names. This could allow
> remote servers to create or overwrite files via a Content-Disposition
> header that suggests a crafted filename, and possibly execute arbitrary
> code as a consequence of writing to a certain file in a user's home
> directory. Different vulnerability than CVE-2010-2251, CVE-2010-2252
> and CVE-2010-2253.
>
> Note: As already mentioned in [2], this flaw only affected those
> operating systems where backslash is used to separate directories
> and file names, thus Microsoft Windows, Novell Netware, MSDOS, OS/2
> and Symbian, to mention some of them.
>
> References:
> [1] http://curl.haxx.se/docs/security.html
> [2] http://curl.haxx.se/docs/adv_20101013.html
>
> Upstream patch:
> [3] http://curl.haxx.se/curl-content-disposition.patch
>
> Credit: Upstream acknowledges Dan Fandrich as the original reporter.
>
> Red Hat Bugzilla tracking system record:
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=642642
>
> Could you please allocate a CVE id for this issue?
>
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
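As an added illustration (not curl's code and not part of this thread), a hypothetical C helper that extracts the suggested filename from a Content-Disposition value and keeps only the final path component, treating both '/' and '\\' as directory separators; the advisory's flaw was that only the forward slash was stripped on platforms whose native separator is the backslash. The function names, the 256-byte limit and the sample header are assumptions of this example.

```c
#include <string.h>
#include <stdio.h>

/* Hypothetical helper (not curl's code): final path component of `name`,
 * treating both '/' and '\\' as separators. The flaw was stripping only '/'
 * on platforms where '\\' is the native separator. */
const char *safe_basename(const char *name)
{
    const char *base = name;
    for (const char *p = name; *p; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;
    return base;
}

/* Pull filename="..." (or bare filename=...) out of a Content-Disposition
 * value into `out`, keeping only the basename. Returns 1 on success, 0 if
 * no usable name was found (missing, empty, ".", ".." or too long). */
int content_disposition_filename(const char *header, char *out, size_t outsz)
{
    const char *p = strstr(header, "filename=");
    if (!p) return 0;
    p += strlen("filename=");
    int quoted = (*p == '"');
    if (quoted) p++;
    char raw[256];
    size_t n = 0;
    while (*p && n < sizeof(raw) - 1) {
        if (quoted ? *p == '"' : (*p == ';' || *p == ' ' || *p == '\r' || *p == '\n'))
            break;
        raw[n++] = *p++;
    }
    raw[n] = '\0';
    const char *base = safe_basename(raw);
    if (!*base || !strcmp(base, ".") || !strcmp(base, "..")) return 0;
    if (strlen(base) >= outsz) return 0;
    strcpy(out, base);
    return 1;
}

int main(void)
{
    char out[256];
    /* constructed sample header, not from a real server */
    const char *hdr = "attachment; filename=\"..\\..\\evil.exe\"";
    if (content_disposition_filename(hdr, out, sizeof out))
        printf("would save as: %s\n", out);   /* evil.exe, not a traversal path */
    return 0;
}
```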