Test ID: 1.3.6.1.4.1.25623.1.0.63515
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: curl
Summary: NOSUMMARY
Description:
The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: curl

CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3,
when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location
values, which might allow remote HTTP servers to (1) trigger arbitrary
requests to intranet servers, (2) read or overwrite arbitrary files
via a redirect to a file: URL, or (3) execute arbitrary commands via a
redirect to an scp: URL.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://secunia.com/advisories/34138/
http://www.vuxml.org/freebsd/5d433534-f41c-402e-ade5-e0a2259a7cb6.html

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-0037
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 33962
http://www.securityfocus.com/bid/33962
Bugtraq: 20090312 rPSA-2009-0042-1 curl
http://www.securityfocus.com/archive/1/501757/100/0/threaded
Bugtraq: 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl
http://www.securityfocus.com/archive/1/504849/100/0/threaded
Debian Security Information: DSA-1738
http://www.debian.org/security/2009/dsa-1738
http://security.gentoo.org/glsa/glsa-200903-21.xml
http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
http://lists.vmware.com/pipermail/security-announce/2009/000060.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074
http://www.redhat.com/support/errata/RHSA-2009-0341.html
http://www.securitytracker.com/id?1021783
http://secunia.com/advisories/34138
http://secunia.com/advisories/34202
http://secunia.com/advisories/34237
http://secunia.com/advisories/34251
http://secunia.com/advisories/34255
http://secunia.com/advisories/34259
http://secunia.com/advisories/34399
http://secunia.com/advisories/35766
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
SuSE Security Announcement: SUSE-SR:2009:006
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://www.ubuntu.com/usn/USN-726-1
http://www.vupen.com/english/advisories/2009/0581
http://www.vupen.com/english/advisories/2009/1865
XForce ISS Database: curl-location-security-bypass(49030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49030
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

© 1998-2024 E-Soft Inc. All rights reserved.