Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2009-0037
Last Modified: 21 Aug 2010 01:29:37
Published: 04 Mar 2009 09:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-0037

Summary

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

Vulnerable Systems

Application

  • Curl 5.11
  • Curl 6.0
  • Curl 6.1beta
  • Curl 6.2
  • Curl 6.3
  • Curl 6.3.1
  • Curl 6.4
  • Curl 6.5
  • Curl 6.5.1
  • Curl 6.5.2
  • Curl 7.1
  • Curl 7.1.1
  • Curl 7.2
  • Curl 7.2.1
  • Curl 7.3
  • Curl 7.4
  • Curl 7.4.1
  • Curl 7.4.2
  • Curl 7.5
  • Curl 7.5.1
  • Curl 7.5.2
  • Curl 7.6
  • Curl 7.6.1
  • Curl 7.7
  • Curl 7.7.1
  • Curl 7.7.2
  • Curl 7.7.3
  • Curl 7.8
  • Curl 7.8.1
  • Curl 7.8.2
  • Curl 7.9
  • Curl 7.9.1
  • Curl 7.9.2
  • Curl 7.9.3
  • Curl 7.9.4
  • Curl 7.9.5
  • Curl 7.9.6
  • Curl 7.9.7
  • Curl 7.9.8
  • Curl 7.10
  • Curl 7.10.1
  • Curl 7.10.2
  • Curl 7.10.3
  • Curl 7.10.4
  • Curl 7.10.5
  • Curl 7.10.6
  • Curl 7.10.7
  • Curl 7.10.8
  • Curl 7.11.1
  • Curl 7.12
  • Curl 7.12.1
  • Curl 7.12.2
  • Curl 7.13
  • Curl 7.13.2
  • Curl 7.14
  • Curl 7.14.1
  • Curl 7.15
  • Curl 7.15.1
  • Curl 7.15.3
  • Curl 7.16.3
  • Curl 7.16.4
  • Curl 7.17
  • Curl 7.18
  • Curl 7.19.3
  • Libcurl 5.11
  • Libcurl 7.12
  • Libcurl 7.12.1
  • Libcurl 7.12.2
  • Libcurl 7.12.3
  • Libcurl 7.13
  • Libcurl 7.13.1
  • Libcurl 7.13.2
  • Libcurl 7.14
  • Libcurl 7.14.1
  • Libcurl 7.15
  • Libcurl 7.15.1
  • Libcurl 7.15.2
  • Libcurl 7.15.3
  • Libcurl 7.16.3
  • Libcurl 7.19.3

References

VUPEN - ADV-2009-0581
BID - 33962
CONFIRM - http://curl.haxx.se/lxr/source/CHANGES
CONFIRM - http://curl.haxx.se/docs/adv_20090303.html
XF - curl-location-security-bypass(49030)
MISC - http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
MISC - http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
VUPEN - ADV-2009-1865
CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0009.html
UBUNTU - USN-726-1
SECTRACK - 1021783
BUGTRAQ - 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl
BUGTRAQ - 20090312 rPSA-2009-0042-1 curl
REDHAT - RHSA-2009:0341
DEBIAN - DSA-1738
CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042
CONFIRM - http://support.apple.com/kb/HT4077
SLACKWARE - SSA:2009-069-01
GENTOO - GLSA-200903-21
SECUNIA - 35766
SECUNIA - 34399
SECUNIA - 34259
SECUNIA - 34255
SECUNIA - 34251
SECUNIA - 34237
SECUNIA - 34202
SECUNIA - 34138
MLIST - [Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl
SUSE - SUSE-SR:2009:006
APPLE - APPLE-SA-2010-03-29-1

Related Patches

Novell SUSE 2009:6408 compat-curl2 security update for SLE 10 SP2 i586

Last Updated: 27 May 2016 10:50:06