Security Flaw Found in cURL Library
The vulnerability was patched with the release of version 7.29.
"CURL is a cross-platform command line tool and library for transferring data using URL (uniform resource locator) syntax," writes Computerworld's Lucian Constantin. "It supports a wide range of protocols including HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, DICT, FILE, FTP, FTPS, Gopher, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP."
"The vulnerability is caused due to a boundary error within the 'Curl_sasl_create_digest_md5_message()' function (lib/curl_sasl.c) when negotiating SASL DIGEST-MD5 authentication and can be exploited to cause a stack-based buffer overflow," according to a Secunia security advisory. "Successful exploitation may allow execution of arbitrary code but requires tricking a user into connecting to a malicious server."
"The hole is controversial not because of the command line tools but because of the many programs and scripts that make use of the libcURL library," The H Security reports. "The problem affects versions of libcURL from version 7.26.0 to the current 7.28.1; earlier versions are unaffected."
The flaw was patched last Wednesday with the release of libcurl 7.29.