FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

curl -- cURL/libcURL Location: Redirect URLs Security Bypass

Affected packages
5.11 <= curl < 7.19.4

Details

VuXML ID 5d433534-f41c-402e-ade5-e0a2259a7cb6
Discovery 2009-03-03
Entry 2009-03-04

Secunia reports:

The security issue is caused due to cURL following HTTP Location: redirects to e.g. scp:// or file:// URLs which can be exploited by a malicious HTTP server to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially crafted redirect URLs.

References

CVE Name CVE-2009-0037
URL http://secunia.com/advisories/34138/