Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4077

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2005-4077
Last Modified 08 Sep 2011 12:00:00
Published 07 Dec 2005 08:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4077

Summary

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

Vulnerable Systems

Application

  • Daniel Stenberg Curl 7.11.2

  • Daniel Stenberg Curl 7.12

  • Daniel Stenberg Curl 7.12.1

  • Daniel Stenberg Curl 7.12.2

  • Daniel Stenberg Curl 7.12.3

  • Daniel Stenberg Curl 7.13

  • Daniel Stenberg Curl 7.13.1

  • Daniel Stenberg Curl 7.13.2

  • Daniel Stenberg Curl 7.14

  • Daniel Stenberg Curl 7.14.1

  • Daniel Stenberg Curl 7.15


References

CERT - TA06-132A

BID - 15756

BUGTRAQ - 20051207 Advisory 24/2005: libcurl URL parsing vulnerability

MISC - http://www.hardened-php.net/advisory_242005.109.html

SECUNIA - 17907

CONFIRM - http://curl.haxx.se/docs/adv_20051207.html

VUPEN - ADV-2008-0924

VUPEN - ADV-2006-1779

VUPEN - ADV-2006-0960

VUPEN - ADV-2005-2791

UBUNTU - USN-228-1

TRUSTIX - TSLSA-2005-0072

BID - 17951

REDHAT - RHSA-2005:875

FEDORA - FEDORA-2005-1129

MANDRIVA - MDKSA-2005:224

GENTOO - GLSA-200603-25

GENTOO - GLSA-200512-09

DEBIAN - DSA-919

SECUNIA - 20077

SECUNIA - 19457

SECUNIA - 19433

SECUNIA - 19261

SECUNIA - 18336

SECUNIA - 18188

SECUNIA - 18105

SECUNIA - 17977

SECUNIA - 17965

SECUNIA - 17961

SECUNIA - 17960

MISC - http://qa.openoffice.org/issues/show_bug.cgi?id=59032

APPLE - APPLE-SA-2008-03-18

APPLE - APPLE-SA-2006-05-11

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

SCO - SCOSA-2006.16

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger Universal)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger Universal)

Apple 2006-05-11 Security Update 2006-003 Mac OS X 10.4.6 Client (PPC)

Apple 2006-05-11 Security Update 2006-003 Mac OS X 10.4.6 Client (Intel)

Apple 2006-05-11 Security Update 2006-003 (10.4.6 Server)


Last Updated: 27 May 2016 10:41:11