SB2017081124 - Open redirect in curl (Alpine package)
Published: August 11, 2017
Security Bulletin ID
SB2017081124
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Open redirect (CVE-ID: CVE-2017-1000100)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to redirect website visitors to external websites.
The weakness exists due to incorrect validation of redirected URL. A remote attacker can redirect the target user's curl request to a TFTP URL with a long filename to cause the target user's curl application to send portions of system memory.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=cbf50badfab16636b8752fadd5fa558b9fca6999
- https://git.alpinelinux.org/aports/commit/?id=4a60b4d3583938cdd36c82d763ac5167d7720079
- https://git.alpinelinux.org/aports/commit/?id=8e6f31c56dbe2966fb43113f9c7c1039bbef9865
- https://git.alpinelinux.org/aports/commit/?id=a51f2d7593706eb38073b80df6192c6730f36c60
- https://git.alpinelinux.org/aports/commit/?id=dba8b02f8c7dbcbb9187eac2b24fd749edc37599