FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-1061

This CVE name corresponds to:

Entered     Topic
2006-03-20  curl -- TFTP packet buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2006-1061
Phase  Assigned (20060307)

Description

Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.

References

Source    Reference
FULLDISC  20060320 [SSAG#001] :: cURL tftp:// URL Buffer Overflow
CONFIRM   http://curl.haxx.se/docs/adv_20060320.html
FEDORA    FEDORA-2006-189
GENTOO    GLSA-200603-19
TRUSTIX   2006-0016
BID       17154
VUPEN     ADV-2006-1008
OSVDB     23982
SECUNIA   19271
SECUNIA   19335
SECUNIA   19344
SECUNIA   19371
XF        curl-tftp-bo(25318)