Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

cURL/libcurl 7.x < 7.49.1 RCE

Medium

Synopsis

The host is running a version of cURL/libcurl that is vulnerable to a Remote Code Exection (RCE) attack vector.

Description

Versions of cURL and libcurl prior to 7.49.1 are affected by a flaw that is triggered when loading certain dynamic-link libraries including 'security.dll', 'secur32.dll', and 'ws2_32.dll'. The program uses an insecure path to look for specific files or libraries that includes the current working directory, which may not be trusted or under user control. By placing a specially crafted library in the path and tricking a user into opening a FILETYPE file located on a remote WebDAV share, a context-dependent attacker can inject and execute arbitrary code with the privilege of the user running the program.

Solution

Upgrade to cURL/libcurl 7.49.1 or later.