Curl < 7.15.3 TFTP URL Parsing Overflow

high Nessus Network Monitor Plugin ID 3481

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is using a version of curl (or libcurl) that is vulnerable to a remote buffer overflows. An attacker would have to set up a rogue web server and entice a curl user to browse to the malicious server to exploit this vulnerability. Upon successful exploitation, the attacker would be able to execute arbitrary commands with the rights of the web server. The specific flaw occurs when processing long 'tftp://' URIs. E.g., tftp://www.somesite.com/[512 bytes]

Solution

Upgrade to version 7.15.3 or higher.

See Also

http://curl.haxx.se

Plugin Details

Severity: High

ID: 3481

Family: Web Clients

Published: 3/20/2006

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:haxx:curl

Reference Information

CVE: CVE-2006-1061

BID: 17154