Описание
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If curl operates on a URL provided by a user, a user can exploit that and pass in a URL to a malicious FTP server instance without needing any server breach to perform the attack.
Меры по смягчению последствий
This flaw can be mitigated in curl as shipped with Red Hat Enterprise Linux and Red Hat Software Collections when using curl by passing the --ftp-skip-pasv-ip command line option to curl. For usage of libcurl, set CURLOPT_FTP_SKIP_PASV_IP to 1L[1]. Note that these mitigations could cause problems in the uncommon instance that the server needs the client to connect back to an IP other than the control connection IP address.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21-curl | Not affected | ||
| .NET Core 3.1 on Red Hat Enterprise Linux | rh-dotnet31-curl | Not affected | ||
| Red Hat Ceph Storage 2 | curl | Out of support scope | ||
| Red Hat Enterprise Linux 5 | curl | Out of support scope | ||
| Red Hat Enterprise Linux 6 | curl | Out of support scope | ||
| Red Hat Enterprise Linux 7 | curl | Out of support scope | ||
| Red Hat Software Collections | httpd24-curl | Will not fix | ||
| JBoss Core Services Apache HTTP Server 2.4.37 SP8 | jbcs-httpd24-curl | Fixed | RHSA-2021:2471 | 17.06.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24 | Fixed | RHSA-2021:2472 | 17.06.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-apr | Fixed | RHSA-2021:2472 | 17.06.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.1 Low
CVSS3
Связанные уязвимости
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port and this way potentially make curl extract information about services that are otherwise private and not disclosed for example doing port scanning and service banner extractions.
A malicious server can use the FTP PASV response to trick curl 7.73.0 ...
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
EPSS
3.1 Low
CVSS3