SecurityTracker.com
Category:   Application (Generic)  >   cURL
Vendor:   curl.haxx.se
cURL 'Content-disposition' Header Processing Flaw Lets Remote Users Overwrite Files and Potentially
SecurityTracker Alert ID:  1024583
SecurityTracker URL:  http://securitytracker.com/id/1024583
CVE Reference:   CVE-2010-3842
Date:  Oct 15 2010
Impact:   Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.20.0 - 7.21.1
Description:   A vulnerability was reported in cURL. A remote user can overwrite files on the target system and potentially execute arbitrary code in certain cases.

A remote server can return a specially crafted 'Content-disposition' header value to a connected target user. When the target user invokes cURL with the '--remote-header-name' option (or '-J') on operating systems that use backslash characters as a path separator, cURL will write the downloaded file to an arbitrary location (with the privileges of the target user).

This can be exploited to execute arbitrary code on the target system.

Windows, Netware, MSDOS, OS/2, and Symbian systems are affected.

Only the cURL command line is affected. libcurl is not affected.
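As an added illustration of the defensive check the advisory implies (this is example code written for this page, not cURL's own implementation), the following C routine extracts the filename parameter from a Content-Disposition value and reduces it to its last path component. The backslash_is_sep flag is an assumption introduced here to model the affected platforms (Windows, OS/2, MS-DOS and the others listed above), where '\' separates directories; the function names, the sample header values and the extra drive-letter check are all constructed for the example.

```c
/* Added example, not curl's own code: deriving a safe local filename from a
 * Content-Disposition header value, as a -J style download handler should.
 * backslash_is_sep models platforms where '\' is a path separator. */
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/* Locate the filename= parameter in a Content-Disposition value.
 * Accepts quoted ("...") and bare-token forms; the RFC 5987 "filename*="
 * form is deliberately not parsed here. On success returns 1 and sets
 * *start/*len to the raw, still-unsanitized value. */
int find_filename_param(const char *hdr, const char **start, size_t *len)
{
    const char *p = hdr;
    while ((p = strstr(p, "filename")) != NULL) {
        const char *q = p + strlen("filename");
        /* "filename" must begin a parameter, not sit inside another token */
        if (p != hdr && !strchr("; \t", p[-1])) { p = q; continue; }
        while (*q == ' ' || *q == '\t') q++;
        if (*q != '=') { p = q; continue; }
        q++;
        while (*q == ' ' || *q == '\t') q++;
        if (*q == '"') {
            const char *end = strchr(q + 1, '"');
            if (!end) return 0;            /* unterminated quote: reject */
            *start = q + 1;
            *len = (size_t)(end - *start);
        } else {
            const char *end = q;
            while (*end && *end != ';' && !isspace((unsigned char)*end)) end++;
            *start = q;
            *len = (size_t)(end - q);
        }
        return *len > 0;
    }
    return 0;
}

/* Keep only the last path component. On a backslash platform, taking the
 * backslash_is_sep == 0 path reproduces the class of flaw the advisory
 * describes: a '\'-separated path reaches the filesystem intact.
 * Returns bytes written (excluding NUL), or 0 if nothing usable remains. */
size_t safe_basename(const char *name, size_t len, int backslash_is_sep,
                     char *out, size_t outsz)
{
    size_t cut = 0, n;
    for (size_t i = 0; i < len; i++) {
        if (name[i] == '/' || (backslash_is_sep && name[i] == '\\'))
            cut = i + 1;                   /* component after the separator */
    }
    n = len - cut;
    if (n == 0 || n >= outsz) return 0;
    /* a bare "." or ".." does not name a regular file */
    if ((n == 1 && name[cut] == '.') ||
        (n == 2 && name[cut] == '.' && name[cut + 1] == '.'))
        return 0;
    /* extra conservatism (this example's choice): on DOS-style platforms
     * "C:name" is drive-relative, so refuse any colon in the name */
    if (backslash_is_sep && memchr(name + cut, ':', n)) return 0;
    memcpy(out, name + cut, n);
    out[n] = '\0';
    return n;
}

/* End-to-end: header value in, local filename out (1 = ok, 0 = refuse). */
int derive_output_name(const char *hdr, int backslash_is_sep,
                       char *out, size_t outsz)
{
    const char *raw;
    size_t rawlen;
    if (!find_filename_param(hdr, &raw, &rawlen)) return 0;
    return safe_basename(raw, rawlen, backslash_is_sep, out, outsz) > 0;
}

int main(void)
{
    char out[64];
    /* constructed sample header, not taken from any real server */
    const char *hdr = "attachment; filename=\"..\\..\\demo.txt\"";
    if (derive_output_name(hdr, 1, out, sizeof out))
        printf("would save as: %s\n", out);
    else
        printf("refused header: %s\n", hdr);
    return 0;
}
```

The platform flag is the whole point: the same header that yields a harmless "demo.txt" with backslash_is_sep set is passed through untouched when only '/' is treated as a separator, which is why the advisory lists only backslash-separator systems as affected and why a download tool must decide separator handling per platform rather than assuming POSIX rules.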

The vendor was notified on September 3, 2010.

Dan Fandrich reported this vulnerability.

Impact:   A remote user can overwrite files and potentially execute arbitrary code on certain target systems.
Solution:   The vendor has issued a fix (7.21.2).

The vendor's advisory is available at:

http://curl.haxx.se/docs/adv_20101013.html

Vendor URL:  curl.haxx.se/docs/adv_20101013.html
Cause:   Input validation error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Fri, 15 Oct 2010 03:30:06 +0000
Subject:  curl


> curl local file overwrite

http://curl.haxx.se/docs/adv_20101013.html

CVE-2010-3842

Copyright 2014, SecurityGlobal.net LLC