Title : Fedora Security Update Fixes cURL Buffer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2005-2813
CVE ID : CVE-2005-4077
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-09


Technical Description

Fedora has released updated packages to address a vulnerability identified in cURL. The flaw is a buffer overflow in "lib/url.c" triggered when processing overly long URLs, which attackers could exploit to execute arbitrary commands. For additional information, see: VUPEN/ADV-2005-2791

Affected Products

Fedora Core 4
Fedora Core 3

Solution

Upgrade the affected packages:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

d77288accaa52f1a3e1e8962b1bb71bc SRPMS/curl-7.12.3-5.fc3.src.rpm
44947bef582527e53923bdc11019c845 x86_64/curl-7.12.3-5.fc3.x86_64.rpm
be3f7def626bb055d27d3774cd491ab3 x86_64/curl-devel-7.12.3-5.fc3.x86_64.rpm
3cf3db58fcec9f8d884ea622c976e3f8 x86_64/debug/curl-debuginfo-7.12.3-5.fc3.x86_64.rpm
6f8c289bf75596520d0b187a7a4f8c36 x86_64/curl-7.12.3-5.fc3.i386.rpm
6f8c289bf75596520d0b187a7a4f8c36 i386/curl-7.12.3-5.fc3.i386.rpm
64e7511fc130812f80f9998317b63f3d i386/curl-devel-7.12.3-5.fc3.i386.rpm
cb7b31af4f5604b42f975251ae2751dc i386/debug/curl-debuginfo-7.12.3-5.fc3.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

74b3bde858c6abdf1f6173ea3458ebd5 SRPMS/curl-7.13.1-4.fc4.src.rpm
8cea2486a41145f679f874ee2b34a95a ppc/curl-7.13.1-4.fc4.ppc.rpm
f9073446909237a740d65c91e07c0b19 ppc/curl-devel-7.13.1-4.fc4.ppc.rpm
29605be75615315af71cdbd630415c9e ppc/debug/curl-debuginfo-7.13.1-4.fc4.ppc.rpm
c1b306563f458643580eda3dde3c005c ppc/curl-7.13.1-4.fc4.ppc64.rpm
06a2524c2d80370fa476638e4c533eaf x86_64/curl-7.13.1-4.fc4.x86_64.rpm
d79a0c56021eb3c9bb330bf9b5bba02c x86_64/curl-devel-7.13.1-4.fc4.x86_64.rpm
08f9f0fd6d073a56f66256e431b3cdee x86_64/debug/curl-debuginfo-7.13.1-4.fc4.x86_64.rpm
d837fbe6934a6cf6b93400229a8957f5 x86_64/curl-7.13.1-4.fc4.i386.rpm
d837fbe6934a6cf6b93400229a8957f5 i386/curl-7.13.1-4.fc4.i386.rpm
46eeb963c21692012022757a0a2b134d i386/curl-devel-7.13.1-4.fc4.i386.rpm
81f4181f4bf33ebcb4a31946bfd1b26b i386/debug/curl-debuginfo-7.13.1-4.fc4.i386.rpm

References

http://www.vupen.com/english/advisories/2005/2813
http://www.frsirt.com/english/reference/2160
http://www.frsirt.com/english/reference/2161

ChangeLog

2005-12-09 : Initial release
