Novell Home

CVE-2009-0037

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2009-0037 at MITRE

Details

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
Novell Bugzilla entry: 475103

SUSE Security Advisories:

Product(s) Fixed package version(s) References
openSUSE 10.3
  • curl >= 7.16.4-16.4
  • curl-ca-bundle >= 7.16.4-16.4
  • libcurl-devel >= 7.16.4-16.4
  • libcurl4 >= 7.16.4-16.4
  • libcurl4-32bit >= 7.16.4-16.4
  • libcurl4-64bit >= 7.16.4-16.4
 ZYPP Patch Nr: 6004
SAT Patch Nr: 530
openSUSE 11.0
  • curl-debuginfo >= 7.18.1-18.2
  • curl-debugsource >= 7.18.1-18.2
 ZYPP Patch Nr: 6004
SAT Patch Nr: 530
openSUSE 11.0
  • curl >= 7.18.1-18.2
  • libcurl-devel >= 7.18.1-18.2
  • libcurl4 >= 7.18.1-18.2
  • libcurl4-32bit >= 7.18.1-18.2
  • libcurl4-64bit >= 7.18.1-18.2
 ZYPP Patch Nr: 6004
SAT Patch Nr: 530
openSUSE 11.1
  • curl-debuginfo >= 7.19.0-11.2.2
  • curl-debugsource >= 7.19.0-11.2.2
 ZYPP Patch Nr: 6004
SAT Patch Nr: 530
openSUSE 11.1
  • curl >= 7.19.0-11.2.2
  • libcurl-devel >= 7.19.0-11.2.2
  • libcurl4 >= 7.19.0-11.2.2
  • libcurl4-32bit >= 7.19.0-11.2.2
  • libcurl4-64bit >= 7.19.0-11.2.2
 ZYPP Patch Nr: 6004
SAT Patch Nr: 530
SUSE Linux Enterprise Desktop 10 SP2 for x86
SUSE Linux Enterprise Server 10 SP2 for x86
  • curl >= 7.15.1-19.11
  • curl-devel >= 7.15.1-19.11
 sles10-sp2. ia64
sled10-sp2. x86-64
sles10-sp2. x86
sled10-sp2. x86
sles10-sp2. x86-64
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sles10-sp2. ppc
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
ZYPP Patch Nr: 6015
SLE SDK 10 SP2 for IBM iSeries and IBM pSeries
SLE SDK 10 SP2 for IBM zSeries
SLE SDK 10 SP2 for IPF
SLE SDK 10 SP2 for X86-64
SLE SDK 10 SP2 for x86
  • curl-devel >= 7.15.1-19.11
 sles10-sp2. ia64
sled10-sp2. x86-64
sles10-sp2. x86
sled10-sp2. x86
sles10-sp2. x86-64
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sles10-sp2. ppc
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
ZYPP Patch Nr: 6015
SUSE Linux Enterprise Server 10 SP2 for IPF
  • curl >= 7.15.1-19.11
  • curl-devel >= 7.15.1-19.11
  • curl-x86 >= 7.15.1-19.11
 sles10-sp2. ia64
sled10-sp2. x86-64
sles10-sp2. x86
sled10-sp2. x86
sles10-sp2. x86-64
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sles10-sp2. ppc
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
ZYPP Patch Nr: 6015
SUSE Linux Enterprise Server 10 SP2 for IBM POWER
  • curl >= 7.15.1-19.11
  • curl-64bit >= 7.15.1-19.11
  • curl-devel >= 7.15.1-19.11
 sles10-sp2. ia64
sled10-sp2. x86-64
sles10-sp2. x86
sled10-sp2. x86
sles10-sp2. x86-64
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sles10-sp2. ppc
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
ZYPP Patch Nr: 6015
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit
  • curl >= 7.15.1-19.11
  • curl-32bit >= 7.15.1-19.11
  • curl-devel >= 7.15.1-19.11
 sles10-sp2. ia64
sled10-sp2. x86-64
sles10-sp2. x86
sled10-sp2. x86
sles10-sp2. x86-64
sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. x86
sles10-sp2. ppc
sles10-sp2-sdk. x86-64
sles10-sp2. s390x
ZYPP Patch Nr: 6015
SLES 11 DEBUGINFO
  • curl-debuginfo >= 7.19.0-11.21.1
  • curl-debugsource >= 7.19.0-11.21.1
 sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sles10-sp2-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sles10-sp2-debuginfo. s390x
sle11-debuginfo. ppc
sles10-sp2-debuginfo. ia64
sles10-sp2-debuginfo. ppc
SAT Patch Nr: 634
SLE 11
  • libcurl-devel >= 7.19.0-11.21.1
 sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sles10-sp2-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sles10-sp2-debuginfo. s390x
sle11-debuginfo. ppc
sles10-sp2-debuginfo. ia64
sles10-sp2-debuginfo. ppc
SAT Patch Nr: 634
SLED 11
SLES 11
  • curl >= 7.19.0-11.21.1
  • libcurl4 >= 7.19.0-11.21.1
 sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sles10-sp2-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sles10-sp2-debuginfo. s390x
sle11-debuginfo. ppc
sles10-sp2-debuginfo. ia64
sles10-sp2-debuginfo. ppc
SAT Patch Nr: 634
SLES 11
  • curl >= 7.19.0-11.21.1
  • libcurl4 >= 7.19.0-11.21.1
  • libcurl4-x86 >= 7.19.0-11.21.1
 sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sles10-sp2-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sles10-sp2-debuginfo. s390x
sle11-debuginfo. ppc
sles10-sp2-debuginfo. ia64
sles10-sp2-debuginfo. ppc
SAT Patch Nr: 634
SLED 11
SLES 11
  • curl >= 7.19.0-11.21.1
  • libcurl4 >= 7.19.0-11.21.1
  • libcurl4-32bit >= 7.19.0-11.21.1
 sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sles10-sp2-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sles10-sp2-debuginfo. s390x
sle11-debuginfo. ppc
sles10-sp2-debuginfo. ia64
sles10-sp2-debuginfo. ppc
SAT Patch Nr: 634
Novell Linux Desktop 9 for x86
Novell Linux POS 9
Open Enterprise Server
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for x86
  • curl >= 7.11.0-39.18
  • curl-devel >= 7.11.0-39.18
 sles9-nld. x86-64
core9. ia64
sles9-nld. x86
core9. s390
core9. ppc
core9. x86-64
core9. x86
sles9-oes. x86
core9. s390x
sles9-nlpos. x86
YOU Patch Nr: 12356
SUSE CORE 9 for IBM zSeries 64bit
  • curl >= 7.11.0-39.18
  • curl-32bit >= 9-200902201553
  • curl-devel >= 7.11.0-39.18
 sles9-nld. x86-64
core9. ia64
sles9-nld. x86
core9. s390
core9. ppc
core9. x86-64
core9. x86
sles9-oes. x86
core9. s390x
sles9-nlpos. x86
YOU Patch Nr: 12356
Novell Linux Desktop 9 for x86_64
SUSE CORE 9 for AMD64 and Intel EM64T
  • curl >= 7.11.0-39.18
  • curl-32bit >= 9-200902201554
  • curl-devel >= 7.11.0-39.18
 sles9-nld. x86-64
core9. ia64
sles9-nld. x86
core9. s390
core9. ppc
core9. x86-64
core9. x86
sles9-oes. x86
core9. s390x
sles9-nlpos. x86
YOU Patch Nr: 12356
SUSE Linux Enterprise Desktop 10 SP2 for x86
SUSE Linux Enterprise Server 10 SP2 for x86
  • compat-curl2 >= 7.11.0-20.6
 sles10-sp2. s390x
sles10-sp2. x86
sles10-sp2. ppc
sles10-sp2. x86-64
sled10-sp2. x86-64
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6408
SUSE Linux Enterprise Server 10 SP2 for IPF
  • compat-curl2 >= 7.11.0-20.6
  • compat-curl2-x86 >= 7.11.0-20.6
 sles10-sp2. s390x
sles10-sp2. x86
sles10-sp2. ppc
sles10-sp2. x86-64
sled10-sp2. x86-64
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6408
SUSE Linux Enterprise Server 10 SP2 for IBM POWER
  • compat-curl2 >= 7.11.0-20.6
  • compat-curl2-64bit >= 7.11.0-20.6
 sles10-sp2. s390x
sles10-sp2. x86
sles10-sp2. ppc
sles10-sp2. x86-64
sled10-sp2. x86-64
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6408
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit
  • compat-curl2 >= 7.11.0-20.6
  • compat-curl2-32bit >= 7.11.0-20.6
 sles10-sp2. s390x
sles10-sp2. x86
sles10-sp2. ppc
sles10-sp2. x86-64
sled10-sp2. x86-64
sled10-sp2. x86
sles10-sp2. ia64
ZYPP Patch Nr: 6408

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.