CVE-2005-4077

MEDIUM

Description

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt

http://curl.haxx.se/docs/adv_20051207.html

http://docs.info.apple.com/article.html?artnum=307562

http://lists.apple.com/archives/security-announce/2006/May/msg00003.html

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://qa.openoffice.org/issues/show_bug.cgi?id=59032

http://secunia.com/advisories/17907

http://secunia.com/advisories/17960

http://secunia.com/advisories/17961

http://secunia.com/advisories/17965

http://secunia.com/advisories/17977

http://secunia.com/advisories/18105

http://secunia.com/advisories/18188

http://secunia.com/advisories/18336

http://secunia.com/advisories/19261

http://secunia.com/advisories/19433

http://secunia.com/advisories/19457

http://secunia.com/advisories/20077

http://www.debian.org/security/2005/dsa-919

http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml

http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml

http://www.hardened-php.net/advisory_242005.109.html

http://www.mandriva.com/security/advisories?name=MDKSA-2005:224

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html

http://www.redhat.com/support/errata/RHSA-2005-875.html

http://www.securityfocus.com/archive/1/418849/100/0/threaded

http://www.securityfocus.com/bid/15756

http://www.securityfocus.com/bid/17951

http://www.trustix.org/errata/2005/0072/

http://www.us-cert.gov/cas/techalerts/TA06-132A.html

http://www.vupen.com/english/advisories/2005/2791

http://www.vupen.com/english/advisories/2006/0960

http://www.vupen.com/english/advisories/2006/1779

http://www.vupen.com/english/advisories/2008/0924/references

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855

https://usn.ubuntu.com/228-1/

Details

Source: MITRE

Published: 2005-12-08

Updated: 2018-10-19

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 31605 | Mac OS X Multiple Vulnerabilities (Security Update 2008-002) | Nessus | MacOS X Local Security Checks | critical |
| 22785 | Debian DSA-919-2 : curl - buffer overflow | Nessus | Debian Local Security Checks | high |
| 21973 | CentOS 4 : curl (CESA-2005:875) | Nessus | CentOS Local Security Checks | medium |
| 21483 | FreeBSD : curl -- URL buffer overflow vulnerability (9b4facec-6761-11da-99f6-00123ffe8333) | Nessus | FreeBSD Local Security Checks | medium |
| 3617 | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) | Nessus Network Monitor | Operating System Detection | medium |
| 3616 | Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 21341 | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) | Nessus | MacOS X Local Security Checks | critical |
| 21160 | GLSA-200603-25 : OpenOffice.org: Heap overflow in included libcurl | Nessus | Gentoo Local Security Checks | medium |
| 20771 | Ubuntu 4.10 / 5.04 / 5.10 : curl vulnerability (USN-228-1) | Nessus | Ubuntu Local Security Checks | medium |
| 20455 | Mandrake Linux Security Advisory : curl (MDKSA-2005:224) | Nessus | Mandriva Local Security Checks | medium |
| 20364 | RHEL 4 : curl (RHSA-2005:875) | Nessus | Red Hat Local Security Checks | medium |
| 20329 | GLSA-200512-09 : cURL: Off-by-one errors in URL handling | Nessus | Gentoo Local Security Checks | medium |
| 20289 | Fedora Core 4 : curl-7.13.1-4.fc4 (2005-1129) | Nessus | Fedora Local Security Checks | high |
| 3318 | Curl < 7.15.1 Multiple Remote Overflows | Nessus Network Monitor | Web Clients | critical |
| 3308 | Mac OS X Multiple Vulnerabilities (Security Update 2005-009) | Nessus Network Monitor | Operating System Detection | medium |
| 3256 | Curl NTLM Buffer Overflow | Nessus Network Monitor | Web Clients | medium |
| 3255 | GNU WGet < 1.10.2 Buffer Overflow | Nessus Network Monitor | Web Clients | medium |
| 3505 | ClamAV < 0.88.1 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | Web Clients | medium |
| 801390 | Curl NTLM Buffer Overflow | Log Correlation Engine | Web Clients | high |
| 801386 | Curl <= 7.15.0 Multiple Remote Overflows | Log Correlation Engine | Web Clients | high |
| 801197 | Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 800798 | Mac OS X Multiple Vulnerabilities (Security Update 2005-009) | Log Correlation Engine | Operating System Detection | high |