
curl: curl overwrites local file with -J option if file non-readable, but file writable.


Summary: When using the -J -O options on the curl command line tool and a server responds with a header that uses Content-Disposition to provide a filename, an existing local file will be overwritten if the file is non-readable by the current user, but writable by the current user. Curl contains protection to prevent the overwrite, but the protection code uses the file's readability permission to check for its existence. So the protection will be bypassed in this case, as the file is only writable by the user.

The issue was discovered after review of the CVE-2020-8177 description. I was curious how the Content-Disposition feature and prevention of file overwrite worked. While reviewing the code around that feature, I noted that the existence of the file is checked via being able to read the file. So what happens if the file is not readable, but writable!?!

Why would a system have a file that is writable only? For sensitive information that must be collected by a particular user, but must not be viewable by that user. Certain logs or audit trails or privacy related files or security related files might have such restrictions.

Additionally, and in an extreme example, the code as written is susceptible to a race condition, as the file existence check and the file write are done with two distinct fopen() calls in tool_create_output_file() in the tool_cb_wrt.c file. Data loss is possible if parallel write operations are performed on the same file via two curl processes, or even some other process (malicious......
https://vulners.com/hackerone/H1:926638?utm_source=rss&utm_medium=rss&utm_campaign=rss
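
The check-by-reading flow described in the summary, shown next to an atomic create-or-fail alternative. This is an added example, not curl's code and not part of the report; the function names and the `/tmp` path are hypothetical, and `open()` with `O_CREAT | O_EXCL` is used here as one standard way to close both the permission gap and the race, not necessarily the fix curl adopted. Run it as a non-root user, because root bypasses the read-permission check.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed flow described in the report: "exists" is tested by opening for
 * reading, then a second, separate fopen() truncates the file for writing. */
int save_checked_by_read(const char *path, const char *data) {
    FILE *f = fopen(path, "rb");
    if (f) { fclose(f); return 0; }   /* readable, so refuse to overwrite */
    f = fopen(path, "wb");            /* a write-only file ends up here */
    if (!f) return 0;
    fputs(data, f);
    return fclose(f) == 0;
}

/* Hardened flow: one atomic call. O_EXCL fails with EEXIST for any existing
 * name, whatever its permissions, and leaves no gap between check and use. */
int save_exclusive(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return 0;
    ssize_t n = write(fd, data, strlen(data));
    return close(fd) == 0 && n == (ssize_t)strlen(data);
}

/* Constructed fixture: a write-only (mode 0200) file holding 6 bytes. */
int make_write_only(const char *path) {
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0200);
    if (fd < 0) return 0;
    ssize_t n = write(fd, "audit\n", 6);
    close(fd);
    return n == 6 && chmod(path, 0200) == 0;
}

long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

int main(void) {
    const char *p = "/tmp/curl_j_demo.log";   /* hypothetical path */
    if (!make_write_only(p)) return 1;
    int a = save_exclusive(p, "x");       long sa = file_size(p);
    int b = save_checked_by_read(p, "x"); long sb = file_size(p);
    printf("O_EXCL wrote=%d size=%ld; read-check wrote=%d size=%ld\n", a, sa, b, sb);
    return unlink(p) != 0;
}
```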
