>> Fedora Security Update Fixes cURL Buffer Overflow Vulnerability

Title : Fedora Security Update Fixes cURL Buffer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2005-2852
CVE ID : CVE-2005-4077
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-13


Technical Description

Fedora has released updated packages to address a vulnerability identified in cURL/libcURL. The flaw is caused by a buffer overflow in "lib/url.c" when processing overly long URLs, which attackers could exploit to execute arbitrary commands. For additional information, see VUPEN/ADV-2005-2791.

Affected Products

Fedora Core 3
Fedora Core 4

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

05ed3e00e72fb2801f5b1c863a9736d0 SRPMS/curl-7.12.3-6.fc3.src.rpm
45c71e917ecdf390bb716ef4c6e33e60 x86_64/curl-7.12.3-6.fc3.x86_64.rpm
901af2bd102cfe441bbea6e386813586 x86_64/curl-devel-7.12.3-6.fc3.x86_64.rpm
58c35cc4154a0ae41a73d5ded73204bf x86_64/debug/curl-debuginfo-7.12.3-6.fc3.x86_64.rpm
86d05d9970d4768ba1755c8d98506d58 x86_64/curl-7.12.3-6.fc3.i386.rpm
86d05d9970d4768ba1755c8d98506d58 i386/curl-7.12.3-6.fc3.i386.rpm
88935de6a6957572a5526ff1ca6ee490 i386/curl-devel-7.12.3-6.fc3.i386.rpm
b2179296e7040835dc109358945ded54 i386/debug/curl-debuginfo-7.12.3-6.fc3.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

6bf9563972cc07ffed5f95b415e3818d SRPMS/curl-7.13.1-5.fc4.src.rpm
e94684ec8fe0b1d9e9c26f3e2115df9b ppc/curl-7.13.1-5.fc4.ppc.rpm
f27d7a8234a1706d01e0f5967f65ffdc ppc/curl-devel-7.13.1-5.fc4.ppc.rpm
f6e64be03c3c7b0acab7083a415db4ee ppc/debug/curl-debuginfo-7.13.1-5.fc4.ppc.rpm
10031fe26c4ebd2465c8e46d36654dac ppc/curl-7.13.1-5.fc4.ppc64.rpm
3bf46325b302d9e607959d8fb643b848 x86_64/curl-7.13.1-5.fc4.x86_64.rpm
ac9e7cb563e020e9461b64cfefc29f4b x86_64/curl-devel-7.13.1-5.fc4.x86_64.rpm
b52ada72403372b54aa9d97be2f553e7 x86_64/debug/curl-debuginfo-7.13.1-5.fc4.x86_64.rpm
ee7edbd4508ba326e2448aa436d93cb4 x86_64/curl-7.13.1-5.fc4.i386.rpm
ee7edbd4508ba326e2448aa436d93cb4 i386/curl-7.13.1-5.fc4.i386.rpm
543716673032396b4e69329772abe80b i386/curl-devel-7.13.1-5.fc4.i386.rpm
a7fd5577910c7f0348e5f9449913c31a i386/debug/curl-debuginfo-7.13.1-5.fc4.i386.rpm
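
To check whether a host still runs a curl build older than the fixed packages listed above, the following added example (not part of the advisory) compares an installed version-release string against the fixed builds using RPM's segment-wise ordering. The fixed builds are read off the package file names above; the installed strings in the demo are constructed, and the comparison assumes no epoch and no '~' or '^' in the version.

```python
import re

# Fixed builds, taken from the package file names listed in the advisory.
FIXED = {"fc3": "7.12.3-6.fc3", "fc4": "7.13.1-5.fc4"}

def _segments(s):
    # RPM compares maximal runs of digits or letters; separators are skipped.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 following RPM's segment ordering (no '~' or '^' handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks a letter segment
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare two 'version-release' strings; epoch is assumed absent."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(release, installed_vr):
    """True if installed_vr is older than the fixed build for 'fc3' or 'fc4'."""
    return compare_vr(installed_vr, FIXED[release]) < 0

if __name__ == "__main__":
    # Constructed sample values, e.g. as printed by:
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' curl
    for rel, vr in [("fc3", "7.12.3-5.fc3"), ("fc3", "7.12.3-6.fc3"),
                    ("fc4", "7.9.8-1"), ("fc4", "7.15.0-1.fc4")]:
        state = "needs update" if needs_update(rel, vr) else "fixed build or newer"
        print(f"{rel} curl-{vr}: {state}")
```

A plain string comparison would rank 7.9.8 above 7.13.1; comparing numeric segments as numbers avoids that mistake.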

References

http://www.vupen.com/english/advisories/2005/2852
http://www.frsirt.com/english/reference/2347
http://www.frsirt.com/english/reference/2348

ChangeLog

2005-12-13 : Initial release

Copyright 2003-2009 © VUPEN.COM - Privacy Policy