oval:org.mitre.oval:def:7678
Definition Id: oval:org.mitre.oval:def:7678 | |||
Oval ID: | oval:org.mitre.oval:def:7678 | ||
Title: | DSA-1738 curl -- arbitrary file access | ||
Description: | David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to expose local files, overwrite local files or even execute arbitrary code via a malicious URL redirect. This update introduces a new option called CURLOPT_REDIR_PROTOCOLS which by default does not include the scp and file protocol handlers. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1738 CVE-2009-0037 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | curl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6513 | |||
Oval ID: | oval:org.mitre.oval:def:6513 | ||
Title: | Debian GNU/Linux 5.0 is installed | ||
Description: | Debian GNU/Linux 5.0 (lenny) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:5.0 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:7678 |
Definition Id: oval:org.mitre.oval:def:6461 | |||
Oval ID: | oval:org.mitre.oval:def:6461 | ||
Title: | Debian GNU/Linux 4.0 is installed. | ||
Description: | Debian GNU/Linux 4.0 (etch) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:4.0 | Version: | 9 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:7678 |