CVE-2012-0036HIGH
Description
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
References
http://curl.haxx.se/curl-url-sanitize.patch
http://curl.haxx.se/docs/adv_20120124.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://secunia.com/advisories/48256
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2012/dsa-2398
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/51665
http://www.securitytracker.com/id/1032924
https://bugzilla.redhat.com/show_bug.cgi?id=773457
https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.21.0:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.21.2:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.21.3:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.21.4:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.21.5:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.21.6:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.21.7:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.22.0:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:curl:libcurl:7.20.0:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.20.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.21.0:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.21.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.21.2:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.21.3:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.21.4:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.21.5:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.21.6:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.21.7:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.22.0:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75806 | openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST) | Nessus | SuSE Local Security Checks | high |
| 74807 | openSUSE Security Update : curl (openSUSE-2012-76) (BEAST) | Nessus | SuSE Local Security Checks | high |
| 801396 | cURL/libcURL Remote Input Validation Vulnerability | Log Correlation Engine | Web Clients | medium |
| 6903 | cURL/libcURL Remote Input Validation | Nessus Network Monitor | Web Clients | high |
| 59851 | HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | Nessus | Web Servers | critical |
| 6482 | Mac OS X 10.7 < 10.7.4 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 59066 | Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 58759 | Mandriva Linux Security Advisory : curl (MDVSA-2012:058) | Nessus | Mandriva Local Security Checks | high |
| 58212 | GLSA-201203-02 : cURL: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | high |
| 57897 | Fedora 15 : curl-7.21.3-13.fc15 (2012-0888) | Nessus | Fedora Local Security Checks | high |
| 57842 | SuSE 10 Security Update : curl (ZYPP Patch Number 7937) | Nessus | SuSE Local Security Checks | high |
| 57738 | Debian DSA-2398-2 : curl - several vulnerabilities (BEAST) | Nessus | Debian Local Security Checks | high |
| 57719 | Fedora 16 : curl-7.21.7-6.fc16 (2012-0894) | Nessus | Fedora Local Security Checks | high |
| 57689 | Ubuntu 10.10 / 11.04 / 11.10 : curl vulnerability (USN-1346-1) | Nessus | Ubuntu Local Security Checks | high |