10 matches found

Hacker One
added 2025/11/10 7:43 p.m. | 22 views

curl: libcurl FTP path normalization flaw allows decoded %2e%2e → CWD .. and directory escape (Path Traversal, CWE-22)

ftp_parse_url_path in lib/ftp.c URL-decodes FTP path segments (e.g. %2e%2e) and then splits the decoded path into components using an ad-hoc loop that skips empty components produced by //. The code does not perform canonical path normalization (no stack-based handling of . or ..). As a result, encoded...

7.3 AI score
Exploits 0
RedHat Linux
added 2020/02/19 7:36 a.m. | 74 views

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

9.8 CVSS | 6.8 AI score | 0.03854 EPSS
Exploits 0 | References 6
Tenable Nessus
added 2018/10/31 12:0 a.m. | 168 views

RHEL 7 : curl and nss-pem (RHSA-2018:3157)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3157 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

9.8 CVSS | 7.3 AI score | 0.03854 EPSS
Exploits 0 | References 17
Mageia
added 2018/10/30 6:1 p.m. | 40 views

Updated curl packages fix security vulnerabilities

Updated curl packages fix security vulnerabilities: Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-0500). Zhaoyang Wu discovered tha...

10 CVSS | 10.5 AI score | 0.02845 EPSS
Exploits 1 | References 12
Amazon
added 2018/04/19 12:0 a.m. | 38 views

Medium: curl

Issue Overview: FTP path trickery leads to NIL byte out of bounds write: It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an...

9.8 CVSS | 9.1 AI score | 0.02668 EPSS
Exploits 0
Tenable Nessus
added 2018/03/21 12:0 a.m. | 32 views

Fedora 27 : curl (2018-8877b4ccac)

- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

9.8 CVSS | 7 AI score | 0.02668 EPSS
Exploits 0 | References 4
OSV
added 2018/03/14 8:0 a.m. | 6 views

CURL-CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write

curl can be fooled into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command (--ftp-method singlecwd or the libcurl alternative CURLOPT_FTP_FILEMETHOD). curl then URL-decodes the given path, calls strlen o...

9.8 CVSS | 9.1 AI score | 0.01298 EPSS
Exploits 0
NVD
added 2006/08/31 10:4 p.m. | 11 views

CVE-2006-4489

Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 1.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the configincludedir parameter in actions/ipn.php or (2) an FTP path in the configplugindir parameter in include/initPlugins.php...

7.5 CVSS | 7.5 AI score | 0.12639 EPSS
Exploits 1 | References 11
Cvelist
added 2006/08/31 10:0 p.m. | 16 views

CVE-2006-4489

Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 1.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the configincludedir parameter in actions/ipn.php or (2) an FTP path in the configplugindir parameter in include/initPlugins.php...

7.5 AI score | 0.12639 EPSS
Exploits 1 | References 11
securityvulns
added 2001/05/03 12:0 a.m. | 32 views

Vulnerabilities in BRS WebWeaver

----- Begin Hush Signed Message from [email protected] ----- Vulnerabilities in BRS WebWeaver Overview BRS WebWeaver v0.63 is a combined ftp and web server available from http://bsoutham.home.dhs.org. Vulnerabilities exist in the web server which allow remote users to break out of the web roo...

0.5 AI score
Exploits 0