FreeBSD : curl -- cURL/libcURL Location: Redirect URLs Security Bypass (5d433534-f41c-402e-ade5-e0a2259a7cb6)
Medium Nessus Plugin ID 35770
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionSecunia reports :
The security issue is caused due to cURL following HTTP Location :
redirects to e.g. scp:// or file:// URLs which can be exploited by a malicious HTTP server to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially crafted redirect URLs.
SolutionUpdate the affected package.