Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-0036
Last Modified: 12 Aug 2015 01:38:48
Published: 13 Apr 2012 04:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-0036

Summary

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

Vulnerable Systems

Application

  • Curl 7.20.0

  • Curl 7.20.1

  • Curl 7.21.0

  • Curl 7.21.1

  • Curl 7.21.2

  • Curl 7.21.3

  • Curl 7.21.4

  • Curl 7.21.5

  • Curl 7.21.6

  • Curl 7.21.7

  • Curl 7.22.0

  • Curl 7.23.0

  • Curl 7.23.1

  • Libcurl 7.20.0

  • Libcurl 7.20.1

  • Libcurl 7.21.0

  • Libcurl 7.21.1

  • Libcurl 7.21.2

  • Libcurl 7.21.3

  • Libcurl 7.21.4

  • Libcurl 7.21.5

  • Libcurl 7.21.6

  • Libcurl 7.21.7

  • Libcurl 7.22.0

  • Libcurl 7.23.0

  • Libcurl 7.23.1


References

CONFIRM - https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=773457

CONFIRM - http://curl.haxx.se/docs/adv_20120124.html

CONFIRM - http://curl.haxx.se/curl-url-sanitize.patch

CONFIRM - http://support.apple.com/kb/HT5281

APPLE - APPLE-SA-2012-05-09-1

HP - SSRT100877

HP - HPSBMU02786

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Related Patches

Apple 2012-05-09 Mac OS X 10.7.4 Combo Update

Apple 2012-05-09 Mac OS X Server 10.7.4 Combo Update

Apple 2012-05-09 Mac OS X 10.7.4 Update

Apple 2012-05-09 Mac OS X Server 10.7.4 Update

Novell SUSE 2012:7937 curl security update for SLE 10 SP4 i586

Novell SUSE 2012:7937 curl security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:42:32