Category:   Application (Generic)  >   curl
cURL 'Content-disposition' Header Processing Flaw Lets Remote Users Overwrite Files and Potentially
SecurityTracker Alert ID:  1024583
CVE Reference:   CVE-2010-3842
Date:  Oct 15 2010
Impact:   Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.20.0 - 7.21.1
Description:   A vulnerability was reported in cURL. A remote server can cause the curl command line tool to write a downloaded file outside the intended download directory, overwriting files on the target system and potentially leading to arbitrary code execution in certain cases.

A malicious server can return a specially crafted 'Content-Disposition' header to a connected target user. When the target user invokes curl with the '--remote-header-name' option (or '-J'), curl names the output file after the 'filename' parameter of that header. curl removed any forward-slash path portion from the name, but did not treat the backslash as a path separator. On operating systems where backslash is a path separator, a filename such as '..\..\foo' is therefore used as a relative path, and curl writes the downloaded content to an attacker-chosen location (with the privileges of the target user).

Code execution is indirect: it requires overwriting a file that the system or the user will later execute or load (for example a script in a startup directory), which is why the impact is rated "potentially" rather than directly.

Only platforms where backslash is a path separator are affected: Windows, Netware, MSDOS, OS/2, and Symbian. Unix-like systems treat a backslash as an ordinary filename character and are not affected.

Only the curl command line tool is affected. libcurl is not affected, because the '-J' filename handling is implemented in the tool, not in the library.
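The filename handling described above, as an added illustration that is not curl's own code: the header value, the download directories and the function names are constructed for this example. The "vulnerable" path strips only forward slashes, as the affected curl versions did; the "hardened" path strips both separator styles and additionally rejects drive-letter prefixes, dot names and control characters (extra checks added here for defence in depth, not claims about curl's fix). Platform semantics are selected explicitly with ntpath or posixpath so the example runs identically on any host.

```python
"""CVE-2010-3842 style traversal via Content-Disposition 'filename'.

Added example, not curl's source. Shows why the flaw only bites where
backslash is a path separator, and what a safe extraction looks like.
"""
import ntpath
import posixpath
import re

# Constructed response header from a hostile server. One '..' from the
# Downloads folder reaches the user's profile, from where the per-user
# Startup folder is reachable (Windows path layout assumed).
MALICIOUS_HEADER = (
    r'attachment; filename="..\AppData\Roaming\Microsoft\Windows'
    r'\Start Menu\Programs\Startup\update.bat"'
)
BENIGN_HEADER = 'attachment; filename="report-2010.pdf"'

# Quoted or bare 'filename=' parameter (RFC 5987 'filename*' is out of scope).
_FILENAME_RE = re.compile(r'filename\s*=\s*("([^"]*)"|([^;\s]+))', re.I)


def filename_from_header(value):
    """Return the raw filename parameter, or None if the header has none."""
    m = _FILENAME_RE.search(value)
    if not m:
        return None
    return m.group(2) if m.group(2) is not None else m.group(3)


def vulnerable_pick_name(header):
    """Pre-7.21.2 behaviour: keep only what follows the last '/'.
    Backslash path components survive untouched."""
    name = filename_from_header(header)
    if name is None:
        return None
    return name.rsplit('/', 1)[-1]


def hardened_pick_name(header):
    """Keep only the last component for either separator convention.
    Also refuse control characters, drive prefixes and '.'/'..' names
    (added defensive checks, not described on this page)."""
    name = filename_from_header(header)
    if name is None:
        return None
    if any(ord(c) < 0x20 for c in name):
        return None
    name = re.split(r'[\\/]', name)[-1]
    # "C:foo" is drive-relative on Windows despite containing no separator.
    if len(name) >= 2 and name[1] == ':' and name[0].isalpha():
        name = name[2:]
    if name in ('', '.', '..'):
        return None
    return name


def target_path(download_dir, name, sep_style):
    """Where the file would land under the given platform's path rules."""
    mod = ntpath if sep_style == 'windows' else posixpath
    return mod.normpath(mod.join(download_dir, name))


def escapes(download_dir, name, sep_style):
    """True if saving `name` into download_dir writes outside it."""
    mod = ntpath if sep_style == 'windows' else posixpath
    norm = str.lower if sep_style == 'windows' else str
    base = norm(mod.normpath(download_dir))
    dest = norm(target_path(download_dir, name, sep_style))
    return not dest.startswith(base + mod.sep)


if __name__ == "__main__":
    win_dir = r"C:\Users\victim\Downloads"
    nix_dir = "/home/victim/Downloads"
    for label, hdr in (("malicious", MALICIOUS_HEADER), ("benign", BENIGN_HEADER)):
        v = vulnerable_pick_name(hdr)
        h = hardened_pick_name(hdr)
        print(f"{label}: vulnerable name -> {target_path(win_dir, v, 'windows')}"
              f" [{'ESCAPES' if escapes(win_dir, v, 'windows') else 'ok'} on Windows,"
              f" {'ESCAPES' if escapes(nix_dir, v, 'posix') else 'ok'} on POSIX]")
        print(f"{label}: hardened name   -> {target_path(win_dir, h, 'windows')}")
```

Running the block shows the same header producing a write into the Startup folder under Windows path semantics while staying inside Downloads under POSIX semantics, which is exactly the platform split the advisory lists.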

The vendor was notified on September 3, 2010.

Dan Fandrich reported this vulnerability.

Impact:   A remote server can overwrite files and potentially execute arbitrary code on target systems where backslash is a path separator.
Solution:   The vendor has issued a fix (7.21.2). Until updated, not using '-J'/'--remote-header-name' (naming the output explicitly with '-o', or with '-O' to take the name from the URL) removes the exposure, since the flaw lies only in that option's handling of the server-supplied filename.

The vendor's advisory is available at:

Vendor URL:
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]
