Info

Disclosure

Mar 20, 2006

Discovery

Mar 10, 2006

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in cURL/libCURL. cURL/libcURL fails to boundary check resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution by redirecting cURL/libcURL to a TFTP URL that exceeds 512 bytes in length resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 7.15.3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: reconfigure and compile cURL to remove TFTP support # ./configure --disable-tftp && make

Products

cURL	cURL	7.15.0
		7.15.1
		7.15.2
	libcURL	7.15.0
		7.15.1
		7.15.2

References

Bugtraq ID: 17154
Secunia Advisory ID: 19271 19335 19344 19371
CVE ID: 2006-1061 (see also: NVD)
ISS X-Force ID: 25318
VUPEN Advisory: ADV-2006-1008
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1326.html
Vendor Specific Advisory URL: http://curl.haxx.se/docs/adv_20060320.html
http://www.gentoo.org/security/en/glsa/glsa-200603-19.xml
http://www.trustix.org/errata/2006/0016/
Vendor Specific News/Changelog Entry: http://curl.haxx.se/docs/adv_20060320.html

Credit

Ulf Harnhammar - metaurprontomail.com -

Direct URL: http://osvdb.org/23982