English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63506
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-726-1 (curl)
Summary:Ubuntu USN-726-1 (curl)
Description:The remote host is missing an update to curl
announced via advisory USN-726-1.

Details follow:

It was discovered that curl did not enforce any restrictions when following
URL redirects. If a user or automated system were tricked into opening a URL to
an untrusted server, an attacker could use redirects to gain access to abitrary
files. This update changes curl behavior to prevent following file URLs after
a redirect.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libcurl3 7.15.1-1ubuntu3.1
libcurl3-gnutls 7.15.1-1ubuntu3.1

Ubuntu 7.10:
libcurl3 7.16.4-2ubuntu1.1
libcurl3-gnutls 7.16.4-2ubuntu1.1

Ubuntu 8.04 LTS:
libcurl3 7.18.0-1ubuntu2.1
libcurl3-gnutls 7.18.0-1ubuntu2.1

Ubuntu 8.10:
libcurl3 7.18.2-1ubuntu4.1
libcurl3-gnutls 7.18.2-1ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-726-1
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0037
Bugtraq: 20090312 rPSA-2009-0042-1 curl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501757/100/0/threaded
Bugtraq: 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504849/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2009/000060.html
http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Debian Security Information: DSA-1738 (Google Search)
http://www.debian.org/security/2009/dsa-1738
http://security.gentoo.org/glsa/glsa-200903-21.xml
http://www.redhat.com/support/errata/RHSA-2009-0341.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
SuSE Security Announcement: SUSE-SR:2009:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://www.ubuntu.com/usn/USN-726-1
BugTraq ID: 33962
http://www.securityfocus.com/bid/33962
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11054
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6074
http://www.securitytracker.com/id?1021783
http://secunia.com/advisories/34138
http://secunia.com/advisories/34202
http://secunia.com/advisories/34255
http://secunia.com/advisories/34259
http://secunia.com/advisories/34237
http://secunia.com/advisories/34251
http://secunia.com/advisories/34399
http://secunia.com/advisories/35766
http://www.vupen.com/english/advisories/2009/0581
http://www.vupen.com/english/advisories/2009/1865
XForce ISS Database: curl-location-security-bypass(49030)
http://xforce.iss.net/xforce/xfdb/49030
Common Vulnerability Exposure (CVE) ID: CVE-2008-5005
Bugtraq: 20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/498002/100/0/threaded
http://marc.info/?l=full-disclosure&m=122572590212610&w=4
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html
http://www.openwall.com/lists/oss-security/2008/11/03/3
http://www.openwall.com/lists/oss-security/2008/11/03/4
http://www.openwall.com/lists/oss-security/2008/11/03/5
http://www.bitsec.com/en/rad/bsa-081103.c
http://www.bitsec.com/en/rad/bsa-081103.txt
http://www.washington.edu/alpine/tmailbug.html
Debian Security Information: DSA-1685 (Google Search)
http://www.debian.org/security/2008/dsa-1685
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
RedHat Security Advisories: RHSA-2009:0275
http://rhn.redhat.com/errata/RHSA-2009-0275.html
BugTraq ID: 32072
http://www.securityfocus.com/bid/32072
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10485
http://www.vupen.com/english/advisories/2008/3042
http://securitytracker.com/id?1021131
http://secunia.com/advisories/32483
http://secunia.com/advisories/32512
http://secunia.com/advisories/33142
http://secunia.com/advisories/33996
http://securityreason.com/securityalert/4570
XForce ISS Database: uwimapd-tmail-bo(46281)
http://xforce.iss.net/xforce/xfdb/46281
Common Vulnerability Exposure (CVE) ID: CVE-2009-0365
Debian Security Information: DSA-1955 (Google Search)
http://www.debian.org/security/2009/dsa-1955
http://www.redhat.com/support/errata/RHSA-2009-0362.html
http://www.redhat.com/support/errata/RHSA-2009-0361.html
SuSE Security Announcement: SUSE-SA:2009:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
SuSE Security Announcement: SUSE-SR:2009:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://www.ubuntu.com/usn/USN-727-1
http://www.ubuntu.com/usn/USN-727-2
BugTraq ID: 33966
http://www.securityfocus.com/bid/33966
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10828
http://www.securitytracker.com/id?1021908
http://securitytracker.com/id?1021910
http://securitytracker.com/id?1021911
http://secunia.com/advisories/34177
http://secunia.com/advisories/34473
http://secunia.com/advisories/34067
XForce ISS Database: networkmanager-dbus-info-disclosure(49062)
http://xforce.iss.net/xforce/xfdb/49062
Common Vulnerability Exposure (CVE) ID: CVE-2009-0619
Cisco Security Advisory: 20090304 Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a80faa.shtml
BugTraq ID: 33975
http://www.securityfocus.com/bid/33975
http://www.securitytracker.com/id?1021787
XForce ISS Database: cisco-sbc-dos(49055)
http://xforce.iss.net/xforce/xfdb/49055
Common Vulnerability Exposure (CVE) ID: CVE-2009-0537
http://securityreason.com/achievement_securityalert/60
Bugtraq: 20090305 libc:fts_*():multiple vendors, Denial-of-service (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501505/100/0/threaded
http://www.milw0rm.com/exploits/8163
BugTraq ID: 34008
http://www.securityfocus.com/bid/34008
http://www.securitytracker.com/id?1021818
Common Vulnerability Exposure (CVE) ID: CVE-2009-0775
Debian Security Information: DSA-1751 (Google Search)
http://www.debian.org/security/2009/dsa-1751
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.redhat.com/support/errata/RHSA-2009-0258.html
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://www.redhat.com/support/errata/RHSA-2009-0325.html
SuSE Security Announcement: SUSE-SA:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
BugTraq ID: 33990
http://www.securityfocus.com/bid/33990
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5806
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5816
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6207
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7584
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9681
http://www.securitytracker.com/id?1021796
http://secunia.com/advisories/34145
http://secunia.com/advisories/34272
http://secunia.com/advisories/34383
http://secunia.com/advisories/34324
http://secunia.com/advisories/34417
http://secunia.com/advisories/34137
http://secunia.com/advisories/34140
http://www.vupen.com/english/advisories/2009/0632
Common Vulnerability Exposure (CVE) ID: CVE-2007-4850
http://securityreason.com/achievement_securityalert/51
Bugtraq: 20080122 PHP 5.2.5 cURL safe_mode bypass (Google Search)
http://www.securityfocus.com/archive/1/archive/1/486856/100/0/threaded
Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/archive/1/492671/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.ubuntu.com/usn/usn-628-1
BugTraq ID: 27413
http://www.securityfocus.com/bid/27413
BugTraq ID: 29009
http://www.securityfocus.com/bid/29009
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
http://www.vupen.com/english/advisories/2008/1412
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2780
http://secunia.com/advisories/30048
http://secunia.com/advisories/30411
http://secunia.com/advisories/31200
http://secunia.com/advisories/31326
http://secunia.com/advisories/32222
http://securityreason.com/securityalert/3562
XForce ISS Database: php-curlinit-security-bypass(39852)
http://xforce.iss.net/xforce/xfdb/39852
XForce ISS Database: php-safemode-directive-security-bypass(42134)
http://xforce.iss.net/xforce/xfdb/42134
Common Vulnerability Exposure (CVE) ID: CVE-2008-5557
Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Debian Security Information: DSA-1789 (Google Search)
http://www.debian.org/security/2009/dsa-1789
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
HPdes Security Advisory: HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HPdes Security Advisory: SSRT090085
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: SSRT090192
HPdes Security Advisory: HPSBMA02492
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
HPdes Security Advisory: SSRT100079
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
http://www.redhat.com/support/errata/RHSA-2009-0350.html
SuSE Security Announcement: SUSE-SR:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
SuSE Security Announcement: SUSE-SR:2009:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 32948
http://www.securityfocus.com/bid/32948
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10286
http://securitytracker.com/id?1021482
http://secunia.com/advisories/34642
http://secunia.com/advisories/35003
http://secunia.com/advisories/35074
http://secunia.com/advisories/35306
http://secunia.com/advisories/35650
http://www.vupen.com/english/advisories/2009/1297
XForce ISS Database: php-multibyte-bo(47525)
http://xforce.iss.net/xforce/xfdb/47525
Common Vulnerability Exposure (CVE) ID: CVE-2009-0754
http://www.openwall.com/lists/oss-security/2009/01/30/1
http://www.openwall.com/lists/oss-security/2009/02/03/3
http://www.openwall.com/lists/oss-security/2009/02/25/3
http://www.ubuntulinux.org/support/documentation/usn/usn-761-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11035
http://www.securitytracker.com/id?1021979
http://secunia.com/advisories/34830
http://secunia.com/advisories/35007
Common Vulnerability Exposure (CVE) ID: CVE-2009-0544
http://www.openwall.com/lists/oss-security/2009/02/07/1
http://www.openwall.com/lists/oss-security/2009/02/12/5
http://www.gentoo.org/security/en/glsa/glsa-200903-11.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:049
http://www.mandriva.com/security/advisories?name=MDVSA-2009:050
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
BugTraq ID: 33674
http://www.securityfocus.com/bid/33674
http://secunia.com/advisories/34199
http://secunia.com/advisories/35065
XForce ISS Database: pycrypto-arc2module-bo(48617)
http://xforce.iss.net/xforce/xfdb/48617
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2013 E-Soft Inc. All rights reserved.