|
|
|
|
| |
Credit:
The information has been provided by Ulf Harnhammar.
|
| |
Vulnerable Systems:
* cURL versions 7.15.0, 7.15.1* and 7.15.2*
* = only on architectures where a certain struct has the same size as on the x86 architecture
Immune Systems:
* cURL versions 7.15.3 or versions patched with this patch :http://curl.haxx.se/libcurl-tftp.patch
Successful exploitation of this vulnerability allows attackers to execute code within the context of cURL. There are many programs that allow remote users to access cURL, for instance through its PHP bindings.
If cURL is configured to follow HTTP redirects, for example by using its -L command line option, any web resource can redirect to a tftp:// URL that causes this overflow.
Read also cURL's own advisory at:
http://curl.haxx.se/docs/adv_20060320.html.
Workaround:
If cURL is compiled with "./configure --disable-tftp && make", the whole TFTP support in the program is disabled. This secures it effectively against this vulnerability, but some users may wish to use the program's TFTP capabilities, making it an undesirable workaround for them.
CVE Information:
CVE-2006-1061.
|
|
|
|
|
