ISS X-Force Database: curl-tftp-bo(25318): cURL TFTP URL buffer overflow

cURL TFTP URL buffer overflow

curl-tftp-bo (25318)

High Risk

Description:

cURL (libcurl) is vulnerable to a heap-based buffer overflow, caused by improper bounds checking of TFTP URLs. By sending a TFTP URL with an overly long file path or file name, a local attacker could overflow a buffer and execute arbitrary commands on the system with the privileges of cURL.

Platforms Affected:

cURL, cURL 7.15.0 - 7.15.2
Gentoo, Linux
OpenPKG, OpenPKG 2-STABLE
OpenPKG, OpenPKG 2.5
OpenPKG, OpenPKG CURRENT

Remedy:

Refer to cURL Security Advisory March 20 2006 for patch, upgrade, and suggested workaround information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-03-19 for patch, upgrade, or suggested workaround information. See References.

For OpenPKG:
Refer to OpenPKG Security Advisory OpenPKG-SA-2006.012 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Privileges

References:

cURL Security Advisory March 20 2006, libcurl TFTP Packet Buffer Overflow Vulnerability at http://curl.haxx.se/docs/adv_20060320.html.
cURL Web site, cURL and libcurl at http://curl.haxx.se/.
Full-Disclosure Mailing List, Mon Mar 20 2006 - 05:27:43 CST , [SSAG#001] :: cURL tftp:// URL Buffer Overflow at http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1326.html.
BID-17154: cURL / libcURL TFTP URL Parser Buffer Overflow Vulnerability
CVE-2006-1061: Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
GLSA-200603-19: cURL/libcurl: Buffer overflow in the handling of TFTP URLs
OpenPKG-SA-2006.012: curl
OSVDB ID: 23982: cURL/libcURL TFTP URL Parsing Overflow
SA19271: cURL/libcURL TFTP Protocol URL Parsing Buffer Overflow
VUPEN/ADV-2006-1008: cURL/libcURL TFTP Protocol URL Handling Buffer Overflow Vulnerability

Reported:

Mar 20, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page