
List:       oss-security
Subject:    Re: [oss-security] CVE Request -- cURL / mingw32-cURL -- Did not
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-10-13 18:58:30
Message-ID: 686600886.443491286996310869.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2010-3842

Thanks.

-- 
    JB


----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:

> Hello Steve, vendors,
> 
>    cURL upstream has released new curl / libcurl v7.21.2 addressing one
> security flaw, specific for operating systems, where backslashes are used
> to separate directories from file names. More details follow:
> 
> cURL did not properly cut off directory parts from user provided
> file name to be downloaded on operating systems, where backslashes
> are used to separate directories and file names. This could allow
> remote servers to create or overwrite files via a Content-Disposition
> header that suggests a crafted filename, and possibly execute arbitrary
> code as a consequence of writing to a certain file in a user's home
> directory. Different vulnerability than CVE-2010-2251, CVE-2010-2252
> and CVE-2010-2253.
> 
> Note: As already mentioned in [2]. This flaw only affected those
>        operating systems, where backslash is used to separate directories
>        and file names, thus Microsoft Windows, Novell Netware, MSDOS, OS/2
>        and Symbian to mention some of them.
> 
> References:
> [1] http://curl.haxx.se/docs/security.html
> [2] http://curl.haxx.se/docs/adv_20101013.html
> 
> Upstream patch:
> [3] http://curl.haxx.se/curl-content-disposition.patch
> 
> Credit: Upstream acknowledges Dan Fandrich as the original reporter.
> 
> Red Hat Bugzilla tracking system record:
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=642642
> 
> Could you please allocate a CVE id for this issue?
> 
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
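
The class of flaw described in the quoted request, as an added example that is not part of the original message and is not curl's code: a server-suggested file name must have its directory part cut off at both '/' and '\' before it is used locally. All function names and the sample string are hypothetical, and the slash-only variant is a constructed illustration of the weak behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Weak variant (constructed illustration): only '/' is treated as a
 * directory separator, so backslash-separated parts survive. */
static const char *strip_dirs_slash_only(const char *name)
{
    const char *s = strrchr(name, '/');
    return s ? s + 1 : name;
}

/* Hardened variant: keep only what follows the last '/' or '\\'. */
static const char *strip_dirs(const char *name)
{
    const char *base = name;
    for (const char *p = name; *p; p++) {
        if (*p == '/' || *p == '\\')
            base = p + 1;
    }
    return base;
}

/* Return a usable local file name, or NULL if nothing safe remains
 * (empty result, "." or ".." after stripping). */
static const char *safe_local_name(const char *suggested)
{
    const char *base = strip_dirs(suggested);
    if (base[0] == '\0' || strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return NULL;
    return base;
}

int main(void)
{
    const char *suggested = "..\\..\\report.txt"; /* constructed sample */
    const char *safe = safe_local_name(suggested);
    printf("slash-only: %s\n", strip_dirs_slash_only(suggested));
    printf("both:       %s\n", safe ? safe : "(rejected)");
    return 0;
}
```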