CVE-2005-4077 - Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to

CVE-2005-4077

Summary

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

References

Vulnerable Configurations

cpe:2.3:a:daniel_stenberg:curl:7.11.2:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.11.2:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12.1:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12.1:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12.2:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12.2:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12.3:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12.3:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.13:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.13:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.13.1:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.13.1:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.13.2:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.13.2:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.14:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.14:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.14.1:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.14.1:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.15:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.15:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 19-10-2018 - 15:40)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2013-04-29T04:09:24.402-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10855

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2005:875

rpms

curl-0:7.12.1-8.rhel4
curl-debuginfo-0:7.12.1-8.rhel4
curl-devel-0:7.12.1-8.rhel4

refmap via4

apple	APPLE-SA-2006-05-11 APPLE-SA-2008-03-18
bid	15756 17951
bugtraq	20051207 Advisory 24/2005: libcurl URL parsing vulnerability
cert	TA06-132A
confirm	http://curl.haxx.se/docs/adv_20051207.html http://docs.info.apple.com/article.html?artnum=307562
debian	DSA-919
fedora	FEDORA-2005-1129
gentoo	GLSA-200512-09 GLSA-200603-25
mandriva	MDKSA-2005:224
misc	http://qa.openoffice.org/issues/show_bug.cgi?id=59032 http://www.hardened-php.net/advisory_242005.109.html
sco	SCOSA-2006.16
secunia	17907 17960 17961 17965 17977 18105 18188 18336 19261 19433 19457 20077
trustix	TSLSA-2005-0072
ubuntu	USN-228-1
vupen	ADV-2005-2791 ADV-2006-0960 ADV-2006-1779 ADV-2008-0924

Last major update

19-10-2018 - 15:40

Published

08-12-2005 - 01:03

Last modified

19-10-2018 - 15:40