int(1400)

Vulnerability Bulletins


Múltiples desbordamientos de búfer en cURL/libcURL

Vulnerability classification

Property Value
Confidence level Oficial
Impact Obtener acceso
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information

Property Value
Affected manufacturer GNU/Linux
Affected software cURL <=7.12.1

Description

Se han descubierto múltiples vulnerabilidades de desbordamiento de búfer en la versión 7.12.1 y anteriores de cURL. Hay que destacar que cualquier aplicación que utilice una versión vulnerable de libcURL también se ve afectada por estas vulnerabilidades.

Las vulnerabilidades residen en las implementaciones de las autenticaciones Kerberos y NTLM, concretamente en el manejo de payloads codificados en base64.

La explotación de estas vulnerabilidades podría permitir a un atacante remoto ejecutar código arbitrario mediante el uso de un servidor que utilice autenticación Kerberos o NTLM y al que la víctima se debe conectar.

Solution



Actualización de software

SUSE Linux

SUSE Linux 9.2
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/curl-7.12.0-2.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/curl-devel-7.12.0-2.2.i586.rpm
x86-64
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/curl-7.12.0-2.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/curl-devel-7.12.0-2.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/curl-7.12.0-2.2.src.rpm

SUSE Linux 9.1
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/curl-7.11.0-39.4.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/curl-devel-7.11.0-39.4.i586.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/curl-7.11.0-39.4.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/curl-devel-7.11.0-39.4.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/curl-7.11.0-39.4.src.rpm

Mandrake Linux

Mandrakelinux 10.0
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/curl-7.11.0-2.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libcurl2-7.11.0-2.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libcurl2-devel-7.11.0-2.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/curl-7.11.0-2.1.100mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/curl-7.11.0-2.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64curl2-7.11.0-2.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64curl2-devel-7.11.0-2.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/curl-7.11.0-2.1.100mdk.src.rpm

Mandrakelinux 10.1
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/curl-7.12.1-1.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libcurl3-7.12.1-1.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libcurl3-devel-7.12.1-1.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/curl-7.12.1-1.1.101mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/curl-7.12.1-1.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64curl3-7.12.1-1.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64curl3-devel-7.12.1-1.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/curl-7.12.1-1.1.101mdk.src.rpm

Corporate Server 3.0
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/curl-7.11.0-2.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libcurl2-7.11.0-2.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libcurl2-devel-7.11.0-2.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/curl-7.11.0-2.1.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/curl-7.11.0-2.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64curl2-7.11.0-2.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64curl2-devel-7.11.0-2.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/curl-7.11.0-2.1.C30mdk.src.rpm

Red Hat Linux
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 Itanium Processor
https://rhn.redhat.com/

Standar resources

Property Value
CVE CAN-2005-0490
BID

Other resources

iDEFENSE Security Advisory 02.21.05 ID 202
http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities

iDEFENSE Security Advisory 02.21.05 ID 203
http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities

SUSE Security Announcement SUSE-SA:2005:011
http://www.novell.com/linux/security/advisories/2005_11_curl.html

Mandrakesoft Security Advisories MDKSA-2005:048
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:048

Red Hat Security Advisory RHSA-2005:340-09
https://rhn.redhat.com/errata/RHSA-2005-340.html

Version history

Version Comments Date
1.0 Aviso emitido 2005-02-22
1.1 Aviso emitido por SUSE (SUSE-SA:2005:011) 2005-03-01
1.2 Aviso emitido por Mandrake (MDKSA-2005:048) 2005-03-07
1.3 Aviso emitido por Red Hat (RHSA-2005:340-09) 2005-04-06
Ministerio de Defensa
CNI
CCN
CCN-CERT