Security holes affect multiple Linux/Unix products
Source: SecuritySearch - Posted by Benjamin D. Thomas   
Host Security Attackers could launch malicious code by exploiting vulnerabilities in a file transferring tool used in many Linux and Unix systems, according to two security firms. Reston, Va.-based iDefense said the security holes exist in cURL/libcURL, a command line tool for transferring files with a URL syntax such as FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP.

iDefense said the first problem is a boundary error in the "Curl_input_ntlm()" function during NT Lan Manager (NTLM) authentication. By returning an overly long response when a user unwittingly connects to a malicious server, attackers can cause a stack-based buffer overflow and launch malicious code under the privileges of the victim.

Read this full article at SecuritySearch

Only registered users can write comments.
Please login or register.

Powered by AkoComment!