126942 – <net-misc/curl-7.15.3: heap based buffer overflow (CVE-2006-1061)

Bug 126942 - <net-misc/curl-7.15.3: heap based buffer overflow (CVE-2006-1061)

Summary: <net-misc/curl-7.15.3: heap based buffer overflow (CVE-2006-1061)

Status:	RESOLVED DUPLICATE of bug 125766

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-03-20 05:13 UTC by Carsten Lohrke (RETIRED)
Modified:	2006-03-20 06:31 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carsten Lohrke (RETIRED) gentoo-dev

2006-03-20 05:13:02 UTC

libcurl uses the given file part of a TFTP URL in a manner that allows a
malicious user to overflow a heap-based memory buffer due to the lack of
boundary check.
 
This overflow happens if you pass in a URL with a TFTP protocol prefix
("tftp://"), using a valid host and a path part that is longer than 512 bytes.
 
The affected flaw can be triggered by a redirect, if curl/libcurl is told to
follow redirects and an HTTP server points the client to a tftp URL with the
characteristics described above.
 
There is no known exploit at the time of this writing.


http://curl.haxx.se/docs/adv_20060320.html

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2006-03-20 06:31:31 UTC


*** This bug has been marked as a duplicate of 125766 ***