VUPEN Security - Fedora Security Update Fixes cURL Buffer Overflow Vulnerability / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Fedora Security Update Fixes cURL Buffer Overflow Vulnerability

Title : Fedora Security Update Fixes cURL Buffer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2005-2813
CVE ID : CVE-2005-4077
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-09

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Fedora has released updated packages to address a vulnerability identified in cURL. This flaw is due to a buffer overflow error in "lib/url.c" when processing overly long URLs, which could be exploited by attackers to execute arbitrary commands. For additional information, see : VUPEN/ADV-2005-2791

Affected Products

Fedora Core 4
Fedora Core 3

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

d77288accaa52f1a3e1e8962b1bb71bc SRPMS/curl-7.12.3-5.fc3.src.rpm
44947bef582527e53923bdc11019c845 x86_64/curl-7.12.3-5.fc3.x86_64.rpm
be3f7def626bb055d27d3774cd491ab3 x86_64/curl-devel-7.12.3-5.fc3.x86_64.rpm
3cf3db58fcec9f8d884ea622c976e3f8 x86_64/debug/curl-debuginfo-7.12.3-5.fc3.x86_64.rpm
6f8c289bf75596520d0b187a7a4f8c36 x86_64/curl-7.12.3-5.fc3.i386.rpm
6f8c289bf75596520d0b187a7a4f8c36 i386/curl-7.12.3-5.fc3.i386.rpm
64e7511fc130812f80f9998317b63f3d i386/curl-devel-7.12.3-5.fc3.i386.rpm
cb7b31af4f5604b42f975251ae2751dc i386/debug/curl-debuginfo-7.12.3-5.fc3.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

74b3bde858c6abdf1f6173ea3458ebd5 SRPMS/curl-7.13.1-4.fc4.src.rpm
8cea2486a41145f679f874ee2b34a95a ppc/curl-7.13.1-4.fc4.ppc.rpm
f9073446909237a740d65c91e07c0b19 ppc/curl-devel-7.13.1-4.fc4.ppc.rpm
29605be75615315af71cdbd630415c9e ppc/debug/curl-debuginfo-7.13.1-4.fc4.ppc.rpm
c1b306563f458643580eda3dde3c005c ppc/curl-7.13.1-4.fc4.ppc64.rpm
06a2524c2d80370fa476638e4c533eaf x86_64/curl-7.13.1-4.fc4.x86_64.rpm
d79a0c56021eb3c9bb330bf9b5bba02c x86_64/curl-devel-7.13.1-4.fc4.x86_64.rpm
08f9f0fd6d073a56f66256e431b3cdee x86_64/debug/curl-debuginfo-7.13.1-4.fc4.x86_64.rpm
d837fbe6934a6cf6b93400229a8957f5 x86_64/curl-7.13.1-4.fc4.i386.rpm
d837fbe6934a6cf6b93400229a8957f5 i386/curl-7.13.1-4.fc4.i386.rpm
46eeb963c21692012022757a0a2b134d i386/curl-devel-7.13.1-4.fc4.i386.rpm
81f4181f4bf33ebcb4a31946bfd1b26b i386/debug/curl-debuginfo-7.13.1-4.fc4.i386.rpm

References

http://www.vupen.com/english/advisories/2005/2813
http://www.frsirt.com/english/reference/2160
http://www.frsirt.com/english/reference/2161

ChangeLog

2005-12-09 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-19

CA ARCserve Backup JRE Code Execution and Security Bypass Issues

>> 2010-03-19

Debian Security Update Fixes PHP XML-RPC Denial of Service Issue

>> 2010-03-19

Ubuntu Security Update Fixes Thunderbird Multiple Vulnerabilities

>> 2010-03-18

IBM DB2 Content Manager Web Services Single Sign-on Vulnerability

>> 2010-03-18

Transmission "tr_magnetParse()" Magnet Buffer Overflow Vulnerability

More Informations