Date: Wed, 13 Oct 2010 14:58:30 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Daniel Stenberg <daniel@...x.se>, "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files

Please use CVE-2010-3842

Thanks.

-- 
JB

----- "Jan Lieskovsky" <jlieskov@...hat.com> wrote:
> Hello Steve, vendors,
>
> cURL upstream has released new curl / libcurl v7.21.2 addressing one
> security flaw, specific to operating systems where backslashes are used
> to separate directories from file names. More details follow:
>
> cURL did not properly cut off directory parts from the user-provided
> file name to be downloaded on operating systems where backslashes are
> used to separate directories and file names. This could allow remote
> servers to create or overwrite files via a Content-Disposition header
> that suggests a crafted filename, and possibly execute arbitrary code
> as a consequence of writing to a certain file in a user's home
> directory. Different vulnerability than CVE-2010-2251, CVE-2010-2252
> and CVE-2010-2253.
>
> Note: As already mentioned in . This flaw only affected those
> operating systems where a backslash is used to separate directories
> and file names, thus Microsoft Windows, Novell Netware, MSDOS, OS/2
> and Symbian, to mention some of them.
>
> References:
>  http://curl.haxx.se/docs/security.html
>  http://curl.haxx.se/docs/adv_20101013.html
>
> Upstream patch:
>  http://curl.haxx.se/curl-content-disposition.patch
>
> Credit: Upstream acknowledges Dan Fandrich as the original reporter.
>
> Red Hat Bugzilla tracking system record:
>  https://bugzilla.redhat.com/show_bug.cgi?id=642642
>
> Could you please allocate a CVE id for this issue?
>
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
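The defensive handling the advisory above calls for, as an added illustration that is not curl's code and not part of the thread: a downloader that honours a server-suggested Content-Disposition filename must discard every directory component using both separators, regardless of the host platform, so a server cannot steer the file into another directory. Function names and the constructed header values are my own.

```c
#include <string.h>

/* Return the last path component of name, treating both '/' and '\\' as
 * directory separators on every platform, not only on the host's. */
static const char *strip_directory_parts(const char *name)
{
    const char *base = name;
    for (const char *p = name; *p; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;
    return base;
}

/* Copy the filename= parameter of a Content-Disposition header value into
 * out, handling quoted and bare tokens. Returns 1 if a value was found. */
static int parse_cd_filename(const char *header, char *out, size_t outsz)
{
    const char *p = strstr(header, "filename=");
    size_t len;
    if (!p) return 0;
    p += strlen("filename=");
    if (*p == '"') {
        const char *end = strchr(++p, '"');
        if (!end) return 0;
        len = (size_t)(end - p);
    } else {
        len = strcspn(p, "; \t\r\n");
    }
    if (len == 0 || len >= outsz) return 0;
    memcpy(out, p, len);
    out[len] = '\0';
    return 1;
}

/* Derive a local file name the server cannot steer into another directory:
 * parse the header, drop every directory part, reject empty and dot names. */
static int safe_download_name(const char *header, char *out, size_t outsz)
{
    char raw[256];
    const char *base;
    if (!parse_cd_filename(header, raw, sizeof raw)) return 0;
    base = strip_directory_parts(raw);
    if (!*base || !strcmp(base, ".") || !strcmp(base, "..")) return 0;
    if (strlen(base) >= outsz) return 0;
    strcpy(out, base);
    return 1;
}
```

Stripping only the host's native separator is exactly the gap described above: a backslash-laden name passes unchanged on Unix-style checks but is interpreted as a path on Windows, so the check has to be separator-agnostic.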