Debian 2.2 Security Advisory: Curl Remote Exploit Error Logging Issue
debian
October 13, 2000
The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code.
Topics Covered
Summary
Package : curl and curl-ssl
Problem type : remote exploit
Debian-specific: no
The version of curl as distributed with Debian GNU/Linux 2.2 had a bug
in the error logging code: when it created an error message it failed to
check the size of the buffer allocated for storing the message. This
could be exploited by the remote machine by returning an invalid
response to a request from curl which overflows the error buffer and
trick curl into executing arbitrary code.
Debian ships with two versions of curl: the normal curl package, and the
crypto-enabled curl-ssl package. This bug has been fixed in curl version
6.0-1.1 and curl-ssl version 6.0-1.2 .
We recommend you upgrade your curl or curl-ssl package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
Slink did not contain curl or curl-ssl.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At
th...
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!