Description
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.
A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is to file integrity.
Report
This issue only affects the 'curl' command line utility. Additionally, this is only an issue when using the '-J' (with the '-O' option) and '-i' command line options combined. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely running with the same privileges as the user, and thus the user can already overwrite all the files curl could overwrite. However, a local user will have to call curl with the '-J' and '-i' command line options while requesting content from a malicious server, which then opens up an opportunity for the malicious server to overwrite local files.
Mitigation
The vulnerability is only possible when using the '-J' and '-i' switches in conjunction with the curl command. Executing curl without these switches mitigates the flaw.
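One way to check existing scripts against this mitigation, as an added example that is not part of the advisory: the helper below flags curl command lines that combine '-J' and '-i' and tests whether a version falls in the affected range. The function names and the sample script are constructed for illustration; the long option names --remote-header-name and --include are curl's long forms of '-J' and '-i'.

```shell
# Added example (not from the advisory); all function names are hypothetical.
# Succeeds if a dotted curl version lies in 7.20.0 through 7.70.0.
curl_version_affected() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "${1:-0}" -eq 7 ] && [ "${2:-0}" -ge 20 ] && [ "${2:-0}" -le 70 ]
}

# Succeeds if one command line calls curl with both -J/--remote-header-name
# and -i/--include. Heuristic: every letter of a short-option cluster counts
# as a flag, so an argument glued to an option can over-report.
uses_J_and_i() (
    set -f                      # no globbing while splitting the line
    has_J=1; has_i=1; seen_curl=1
    for word in $1; do
        if [ "$seen_curl" -ne 0 ]; then
            case $word in curl|*/curl) seen_curl=0 ;; esac
            continue
        fi
        case $word in
            --remote-header-name) has_J=0 ;;
            --include) has_i=0 ;;
            --*) ;;             # other long options are ignored
            -*) case $word in *J*) has_J=0 ;; esac
                case $word in *i*) has_i=0 ;; esac ;;
        esac
    done
    [ "$has_J" -eq 0 ] && [ "$has_i" -eq 0 ]
)

# Prints "line N: <command>" for each flagged line of the script in $1.
audit_script() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if uses_J_and_i "$line"; then printf 'line %d: %s\n' "$n" "$line"; fi
    done < "$1"
}

# Constructed sample script, not taken from the advisory.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'curl -O https://example.com/a.tar.gz' \
        'curl -OJi https://example.com/download' \
        '/usr/bin/curl --remote-header-name -O --include https://example.com/b' \
        'curl -J -O https://example.com/c' > "$tmp"
    audit_script "$tmp"
    rm -f "$tmp"
}
demo
```

Flagged lines are candidates for review on hosts whose curl is still in the affected range; dropping either switch from the call applies the mitigation above.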
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21-curl | Not affected | | |
| .NET Core 3.1 on Red Hat Enterprise Linux | rh-dotnet31-curl | Not affected | | |
| Red Hat Ceph Storage 2 | curl | Out of support scope | | |
| Red Hat Enterprise Linux 5 | curl | Not affected | | |
| Red Hat Enterprise Linux 6 | curl | Not affected | | |
| Red Hat JBoss Core Services | jbcs-httpd24-curl | Not affected | | |
| Red Hat Software Collections | httpd24-curl | Will not fix | | |
| Red Hat Enterprise Linux 7 | curl | Fixed | RHSA-2020:5002 | 10.11.2020 |
| Red Hat Enterprise Linux 8 | curl | Fixed | RHSA-2020:4599 | 04.11.2020 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | curl | Fixed | RHSA-2020:5417 | 15.12.2020 |
Additional information
CVSS3: 5.4 Medium