Test ID:	1.3.6.1.4.1.25623.1.0.56035
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2005:875
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2005:875. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. Stefan Esser discovered an off-by-one bug in curl. It may be possible to execute arbitrary code on a user's machine if the user can be tricked into executing curl with a carefully crafted URL. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-4077 to this issue. All users of curl are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-875.html Risk factor : Medium CVSS Score: 4.6
Cross-Ref:	BugTraq ID: 17951 BugTraq ID: 15756 Common Vulnerability Exposure (CVE) ID: CVE-2005-4077 http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://www.securityfocus.com/bid/15756 http://www.securityfocus.com/bid/17951 Bugtraq: 20051207 Advisory 24/2005: libcurl URL parsing vulnerability (Google Search) http://www.securityfocus.com/archive/1/418849/100/0/threaded Cert/CC Advisory: TA06-132A http://www.us-cert.gov/cas/techalerts/TA06-132A.html Debian Security Information: DSA-919 (Google Search) http://www.debian.org/security/2005/dsa-919 http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:224 http://qa.openoffice.org/issues/show_bug.cgi?id=59032 http://www.hardened-php.net/advisory_242005.109.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855 http://www.redhat.com/support/errata/RHSA-2005-875.html SCO Security Bulletin: SCOSA-2006.16 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt http://secunia.com/advisories/17907 http://secunia.com/advisories/17960 http://secunia.com/advisories/17961 http://secunia.com/advisories/17965 http://secunia.com/advisories/17977 http://secunia.com/advisories/18105 http://secunia.com/advisories/18188 http://secunia.com/advisories/18336 http://secunia.com/advisories/19261 http://secunia.com/advisories/19433 http://secunia.com/advisories/19457 http://secunia.com/advisories/20077 http://www.trustix.org/errata/2005/0072/ https://usn.ubuntu.com/228-1/ http://www.vupen.com/english/advisories/2005/2791 http://www.vupen.com/english/advisories/2006/0960 http://www.vupen.com/english/advisories/2006/1779 http://www.vupen.com/english/advisories/2008/0924/references
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.