what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-069

Mandriva Linux Security Advisory 2009-069
Posted Mar 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-069 - A security vulnerability has been identified and fixed in curl, which could allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. The updated packages have been patched to prevent this.

tags | advisory, remote, web, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0037
SHA-256 | 6eafd705c31be69b6d23dbd9e55281ae1dc6869a2902eee1d33f7db0615634fe

Mandriva Linux Security Advisory 2009-069

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:069
http://www.mandriva.com/security/
_______________________________________________________________________

Package : curl
Date : March 6, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A security vulnerability has been identified and fixed in curl, which
could allow remote HTTP servers to (1) trigger arbitrary requests to
intranet servers, (2) read or overwrite arbitrary files via a redirect
to a file: URL, or (3) execute arbitrary commands via a redirect to
an scp: URL (CVE-2009-0037).

The updated packages have been patched to prevent this.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
67e1fb1335abc2721ce040ce5ebffcb1 2008.0/i586/curl-7.16.4-2.1mdv2008.0.i586.rpm
605b696753bcaba3f7bca0080e454a03 2008.0/i586/libcurl4-7.16.4-2.1mdv2008.0.i586.rpm
0d765f46a89a73af026ffcd5ab0bf375 2008.0/i586/libcurl-devel-7.16.4-2.1mdv2008.0.i586.rpm
5b41fd64ace9251752278ab51c485283 2008.0/SRPMS/curl-7.16.4-2.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
cbb9fafd973426a0a572ed7c0c58a556 2008.0/x86_64/curl-7.16.4-2.1mdv2008.0.x86_64.rpm
cd427c136cf760b06ec4f8530f0c6d6d 2008.0/x86_64/lib64curl4-7.16.4-2.1mdv2008.0.x86_64.rpm
5e5fabf4303b50f68ea2ea3ca6c0819e 2008.0/x86_64/lib64curl-devel-7.16.4-2.1mdv2008.0.x86_64.rpm
5b41fd64ace9251752278ab51c485283 2008.0/SRPMS/curl-7.16.4-2.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:
372d19020afefeef9d9c076fdbcfe927 2008.1/i586/curl-7.18.0-1.1mdv2008.1.i586.rpm
8bc3d07c59a1ba1da24ecfe7ecea99ba 2008.1/i586/curl-examples-7.18.0-1.1mdv2008.1.i586.rpm
691fd3f6beb73d0c273ba22dd8edcf84 2008.1/i586/libcurl4-7.18.0-1.1mdv2008.1.i586.rpm
f40887d0d032930f77486e9e41360ad6 2008.1/i586/libcurl-devel-7.18.0-1.1mdv2008.1.i586.rpm
e9648a229edfb28f7fa366c833517573 2008.1/SRPMS/curl-7.18.0-1.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
708a7b7555fc5de3fa5fe984aa2f5a62 2008.1/x86_64/curl-7.18.0-1.1mdv2008.1.x86_64.rpm
54c16d007a21e88af81907c60c3846de 2008.1/x86_64/curl-examples-7.18.0-1.1mdv2008.1.x86_64.rpm
e01f05c2973809b42dbbc86ecd42845b 2008.1/x86_64/lib64curl4-7.18.0-1.1mdv2008.1.x86_64.rpm
c09950e7fcc52961f95c2aae7a83af39 2008.1/x86_64/lib64curl-devel-7.18.0-1.1mdv2008.1.x86_64.rpm
e9648a229edfb28f7fa366c833517573 2008.1/SRPMS/curl-7.18.0-1.1mdv2008.1.src.rpm

Mandriva Linux 2009.0:
12514e678a4b04123f00bc422fcf9a3a 2009.0/i586/curl-7.19.0-2.2mdv2009.0.i586.rpm
4a250c02f083f2729cfe7d23c903a386 2009.0/i586/curl-examples-7.19.0-2.2mdv2009.0.i586.rpm
f6b909859eec695f753ddba2d716b5a2 2009.0/i586/libcurl4-7.19.0-2.2mdv2009.0.i586.rpm
e5a953b568c4b8ccebe66a300885747d 2009.0/i586/libcurl-devel-7.19.0-2.2mdv2009.0.i586.rpm
ebf22a3c6aa9e18847ec6c3311beb64b 2009.0/SRPMS/curl-7.19.0-2.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
e799091f80c2c44b629fc144b48effa1 2009.0/x86_64/curl-7.19.0-2.2mdv2009.0.x86_64.rpm
227315c6aefc62e9a1dd7750a3b0d81a 2009.0/x86_64/curl-examples-7.19.0-2.2mdv2009.0.x86_64.rpm
69c5335dcbe6f08fc67582bb5862ed55 2009.0/x86_64/lib64curl4-7.19.0-2.2mdv2009.0.x86_64.rpm
f01ec9b830763e5f01d799da687ec605 2009.0/x86_64/lib64curl-devel-7.19.0-2.2mdv2009.0.x86_64.rpm
ebf22a3c6aa9e18847ec6c3311beb64b 2009.0/SRPMS/curl-7.19.0-2.2mdv2009.0.src.rpm

Corporate 3.0:
4df533f45f46c2891c87dcc108aa05e6 corporate/3.0/i586/curl-7.11.0-2.3.C30mdk.i586.rpm
bbb9558c954aa6b881db878e3cb5e340 corporate/3.0/i586/libcurl2-7.11.0-2.3.C30mdk.i586.rpm
3373382bebf28906bcb2c8a00e129ce0 corporate/3.0/i586/libcurl2-devel-7.11.0-2.3.C30mdk.i586.rpm
45d58f4c743fd8cd0b44836ade158c85 corporate/3.0/SRPMS/curl-7.11.0-2.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
ca7ddd09a8a21b18a8a7ab32ab49516c corporate/3.0/x86_64/curl-7.11.0-2.3.C30mdk.x86_64.rpm
3323f2165b8f0df55263222ca8bf1f0a corporate/3.0/x86_64/lib64curl2-7.11.0-2.3.C30mdk.x86_64.rpm
3ea5fa46f598f2008296781c5b613e7f corporate/3.0/x86_64/lib64curl2-devel-7.11.0-2.3.C30mdk.x86_64.rpm
45d58f4c743fd8cd0b44836ade158c85 corporate/3.0/SRPMS/curl-7.11.0-2.3.C30mdk.src.rpm

Corporate 4.0:
17241516d56baf7ba941065eed496ff5 corporate/4.0/i586/curl-7.14.0-2.3.20060mdk.i586.rpm
9fbef738cadfc9158b3eec6cfaf66507 corporate/4.0/i586/libcurl3-7.14.0-2.3.20060mdk.i586.rpm
0f934115755545407f79eada30feda35 corporate/4.0/i586/libcurl3-devel-7.14.0-2.3.20060mdk.i586.rpm
132009109cdf739189bc194c222080dc corporate/4.0/SRPMS/curl-7.14.0-2.3.20060mdk.src.rpm

Corporate 4.0/X86_64:
367d03b3f185b9ad37fd5c28e0ea956b corporate/4.0/x86_64/curl-7.14.0-2.3.20060mdk.x86_64.rpm
11353510721cc81b4d47defcdff0c655 corporate/4.0/x86_64/lib64curl3-7.14.0-2.3.20060mdk.x86_64.rpm
4b0f21ce51e858915ba7a403365d8c3b corporate/4.0/x86_64/lib64curl3-devel-7.14.0-2.3.20060mdk.x86_64.rpm
132009109cdf739189bc194c222080dc corporate/4.0/SRPMS/curl-7.14.0-2.3.20060mdk.src.rpm

Multi Network Firewall 2.0:
2319fdfd00d3cc01d7c219f7fafc2e4d mnf/2.0/i586/curl-7.11.0-2.3.C30mdk.i586.rpm
a14ae20d122b773438335669b258c7fa mnf/2.0/i586/libcurl2-7.11.0-2.3.C30mdk.i586.rpm
6b6235adcac53c26ae2f96c824db5fe7 mnf/2.0/i586/libcurl2-devel-7.11.0-2.3.C30mdk.i586.rpm
bf370dbbaed4785446495eb94d4d8c39 mnf/2.0/SRPMS/curl-7.11.0-2.3.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJsZacmqjQ0CJFipgRAvzaAKDcbRIdXyZINwGJzH0leUmSPF2OoACfZH/6
eN2UMLpTDvoCyXXeRz3oDpc=
=37RE
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close