[Forgot Password]
Login  Register Subscribe

25354

 
 

132811

 
 

148037

 
 

909

 
 

118458

 
 

156

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2020-1411 --- curl

ID: oval:org.secpod.oval:def:1601174Date: (C)2020-07-31   (M)2020-07-31
Class: PATCHFamily: unix




This issue only affects the "curl" command line utility. Additionally, this is only an issue when using the "-J" and "-i" command line options combined. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely running with the same privileges as the user, and thus the user can already overwrite all the files curl could overwrite. However, a local user will have to call curl with the "-J" and "-i" command line options while requesting content from a malicious server, which then opens up an opportunity for the malicious server to overwrite local files

Platform:
Amazon Linux AMI
Product:
curl
Reference:
ALAS-2020-1411
CVE-2020-8177

© SecPod Technologies