A stack-based buffer overflow flaw was found in the way the SASL implementation of cURL, a command line tool for transferring data with URL syntax, performed DIGEST-MD5 authentication negotiation for the IMAP, POP3, and SMTP protocols. A rogue server could use this flaw to cause the curl executable / an application using the libcurl library to crash or, potentially, execute arbitrary code with the privileges of the user running the curl binary / the application.
Created attachment 691585
Proposed upstream patch to correct this issue
This issue did not affect the versions of the curl package as shipped with Red Hat Enterprise Linux 5 and 6.
This issue did not affect the versions of the curl package as shipped with Fedora releases 16 and 17.
This issue affects the version of the curl package as shipped with Fedora release 18.
cURL upstream proposes next Wednesday, February the 6th, 2013, as the embargo date for this issue.
Red Hat would like to thank Daniel Stenberg of the cURL project for reporting this issue. Upstream acknowledges the researcher known as Volema as the original issue reporter.
Not vulnerable. This issue did not affect the versions of curl as shipped with Red Hat Enterprise Linux 5 and 6.
Created curl tracking bugs for this issue
Affects: fedora-18 [bug 908301]
Write-up from the reporter of the issue, along with proof-of-concept code:
curl-7.27.0-6.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.