Security update for cURL
A security update for cURL, the file transfer utility, and its associated libcurl library has been released to fix a vulnerability which could allow an attacker to examine files on a system, or possibly even write files. The cause of the problem is the cURL (Client for URL) automatic redirection feature.
This allows a remote site to redirect http:// requests to file:// which would then read a local file. A site that used cURL based applications could be tricked into downloading from what it thinks is a http:// URL and find itself redirected to using a local file, which may then be exposed in some other way by the site. According to the advisory the problem can also be exploited to overwrite local files. If SCP support has been enabled in libcurl, there is also a possibility that using embedded semi-colons can be used to execute commands on a server.
Versions of cURL and libcurl from version 5.11 up to and including 7.19.3 are vulnerable; versions before 5.11 and after 7.19.3 are not vulnerable. Version 7.19.4 and patches for older versions are available from the developers.
- libcurl Arbitrary File Access, cURL developers advisory.
- USN-726-1 - curl vulnerability, Ubuntu notice.