Category:   Application (Generic)  >   IBM Rational ClearCase
Vendors:   IBM
(IBM Issues Fix for IBM Rational ClearCase) cURL/libcurl Multiple Bugs Let Remote Users Inject Cookies, Reuse Connections, and Execute Arbitrary Code and Let Local Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
SecurityTracker Alert ID:  1038207
SecurityTracker URL:  http://securitytracker.com/id/1038207
CVE Reference:   CVE-2016-8624, CVE-2016-8625
Date:  Apr 8 2017
Impact:   Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.1.2 - 7.1.2.19, 8.0 - 8.0.0.20, 8.0.1 - 8.0.1.13, 9.0 - 9.0.0.3
Description:   Multiple vulnerabilities were reported in cURL/libcurl. A remote or local user can execute arbitrary code on the target system. A remote user can modify cookies on the target system. A remote user can reuse sessions. A local user can obtain potentially sensitive information from system memory. IBM Rational ClearCase is affected.

A remote server can inject arbitrary cookies for arbitrary domains in certain cases where cookie state is written to a cookie jar file [CVE-2016-8615].

A remote user with knowledge of a case-insensitive version of the password for another user may be able to reuse a connection for the target user [CVE-2016-8616].

A local user can supply a specially crafted username via CURLOPT_USERNAME (or curl's -u, --user option) to trigger a buffer overflow in the libcurl base64 encode function and potentially execute arbitrary code [CVE-2016-8617]. Systems with 32-bit userspace addresses are affected.

A local user can invoke the libcurl curl_maprintf() API function to trigger a double-free memory error and potentially execute arbitrary code [CVE-2016-8618]. Systems with 32-bit size_t variables are affected.

A remote server can trigger a memory allocation flaw in the Kerberos implementation to potentially execute arbitrary code [CVE-2016-8619].

A local user can supply specially crafted data to the curl application to trigger a globbing error and potentially execute arbitrary code [CVE-2016-8620]. libcurl is not affected.

A user can supply specially crafted data to trigger a parsing error in the curl_getdate() function to overwrite memory and potentially execute arbitrary code [CVE-2016-8621].

A user can supply a specially crafted URL to trigger a heap overflow in the curl_easy_unescape() URL percent-encoding decode function and potentially execute arbitrary code [CVE-2016-8622].

A local user can invoke a race condition in the processing of cookies shared by different threads to trigger a use-after-free memory error and obtain potentially sensitive information from memory [CVE-2016-8623].

A user can supply a specially crafted host name value to trigger a parsing error when the hostname ends with a '#' character and cause libcurl to connect to a different host [CVE-2016-8624]. Various protocol schemes are affected.

On systems built with libidn, libcurl may resolve a domain name to the wrong host due to differences between the IDNA 2003 standard that libcurl uses and the current IDNA 2008 standard [CVE-2016-8625].

Cure53, Christian Heimes, Fernando Munoz, and Luat Nguyen reported these vulnerabilities.

Impact:   A remote or local user can execute arbitrary code on the target system.

A remote user can modify cookies on the target system.

A local user can obtain potentially sensitive information from system memory on the target system.

A remote user can reuse sessions.

Solution:   IBM has issued a fix for CVE-2016-8624 and CVE-2016-8625 for IBM Rational ClearCase:

Fix Pack 21 (8.0.0.21) for 8.0
Fix Pack 14 (8.0.1.14) for 8.0.1
Fix Pack 4 (9.0.0.4) for 9.0

The IBM advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21996857

Vendor URL:  www-01.ibm.com/support/docview.wss?uid=swg21996857
Cause:   Access control error, Boundary error, Input validation error, State error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 3 2016 cURL/libcurl Multiple Bugs Let Remote Users Inject Cookies, Reuse Connections, and Execute Arbitrary Code and Let Local Users Obtain Potentially Sensitive Information and Execute Arbitrary Code



Copyright 2017, SecurityGlobal.net LLC