FreeBSD : curl -- URL buffer overflow vulnerability (9b4facec-6761-11da-99f6-00123ffe8333)

medium Nessus Plugin ID 21483

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A Project cURL Security Advisory reports:

libcurl's URL parser function can overflow a malloced buffer in two ways, if given a too long URL.

1 - pass in a URL with no protocol (like 'http://') prefix, using no slash and the string is 256 bytes or longer. This leads to a single zero byte overflow of the malloced buffer.

2 - pass in a URL with only a question mark as separator (no slash) between the host and the query part of the URL. This leads to a single zero byte overflow of the malloced buffer.

Both overflows can be made with the same input string, leading to two single zero byte overwrites.

The affected flaw cannot be triggered by a redirect, but the long URL must be passed in 'directly' to libcurl. It makes this a 'local' problem. Of course, lots of programs may still pass in user-provided URLs to libcurl without doing much syntax checking of their own, allowing a user to exploit this vulnerability.

Solution

Update the affected package.

See Also

https://curl.haxx.se/docs/CVE-2005-4077.html

http://www.hardened-php.net/advisory_242005.109.html

http://www.nessus.org/u?4a5156fc

Plugin Details

Severity: Medium

ID: 21483

File Name: freebsd_pkg_9b4facec676111da99f600123ffe8333.nasl

Version: 1.16

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:curl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 12/9/2005

Vulnerability Publication Date: 12/7/2005

Reference Information

CVE: CVE-2005-4077

BID: 15756

Secunia: 17907