This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200512-09
(cURL: Off-by-one errors in URL handling)
Stefan Esser from the Hardened-PHP Project has reported a
vulnerability in cURL that allows for a local buffer overflow when cURL
attempts to parse specially crafted URLs. The URL can be specially
crafted in one of two ways: the URL could be malformed in a way that
prevents a terminating null byte from being added to either a hostname
or path buffer
or the URL could contain a '?' separator in the
hostname portion, which causes a '/' to be prepended to the resulting
An attacker capable of getting cURL to parse a maliciously crafted
URL could cause a denial of service or execute arbitrary code with the
privileges of the user making the call to cURL. An attacker could also
escape open_basedir or safe_mode pseudo-restrictions when exploiting
this problem from within a PHP program when PHP is compiled with
There is no known workaround at this time.
See also :
All cURL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/curl-7.15.1'
Risk factor :
Medium / CVSS Base Score : 4.6
Family: Gentoo Local Security Checks
Nessus Plugin ID: 20329 (gentoo_GLSA-200512-09.nasl)
CVE ID: CVE-2005-4077
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.