Security holes affect multiple Linux/Unix products

Attackers could exploit two flaws in cURL to launch malicious code on a variety of Linux-based operating systems.

Attackers could launch malicious code by exploiting vulnerabilities in a file transferring tool used in many Linux...

and Unix systems, according to two security firms.

Reston, Va.-based iDefense said the security holes exist in cURL/libcURL, a command line tool for transferring files with a URL syntax such as FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP.

iDefense said the first problem is a boundary error in the "Curl_input_ntlm()" function during NT Lan Manager (NTLM) authentication. By returning an overly long response when a user unwittingly connects to a malicious server, attackers can cause a stack-based buffer overflow and launch malicious code under the privileges of the victim.

The second problem is a boundary error in the "Curl_krb_kauth()" function during Kerberos authentication. Like the first glitch, an attacker could exploit this to launch malicious code by returning an overly long response when the victim connects to a malicious server.

Other news stories of interest

Vulnerabilities: The ripple effect and the components of doom

Fixes, workaround for Kerberos 5 vulnerability

Vulnerabilities in MIT Kerberos 5


iDefense said it confirmed the flaws in cURL version 7.12.1 and that earlier versions are likely affected as well. Any application built using a vulnerable version of libcURL will also be affected, the firm said.

Danish firm Secunia labeled the vulnerabilities "moderately critical" and noted that the vendor has issued a fix for the NTLM vulnerability. For the second flaw, the firm recommended users recompile cURL without Kerberos support.

The tool exists in a variety of Linux/Unix systems distributed by such vendors as Mandrake, Redhat, Debian, SUSE, Stampede, Connectiva, Gentoo and Fedora.

Dig Deeper on Alternative OS security: Mac, Linux, Unix, etc.



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: