curl: NULL Pointer Dereference (DoS) in libcurl SFTP QUOTE command parsing due to missing return statement

Summary: A logic flaw in lib/vssh/libssh2.c causes a NULL pointer dereference when parsing SFTP QUOTE commands with trailing garbage. The function returnquoteerror is called to handle errors and free memory, but the return keyword is missing in several blocks e.g., lines 840, 857, 870. This allow...

MiracleLinux 4 : nfs-utils-1.2.3-15.AXS4 (AXSA:2012-04:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-04:01 advisory. The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the...

curl: Missing enforcement of SFTP quote syntax can lead to operation on wrong object

Summary: curl supports -Q or --quote and libcurl CURLOPTQUOTE to specify "commands" to execute for ftp and SFTP connections. The SFTP supports commands that perform operations on filesystem objects. When the object path has a filename, the caller is supposed to quote the parameter example: -Q...