Re: [SECURITY ADVISORY] remote file name path traversal in curl tool for Windows

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Wed, 27 Jan 2016 09:15:51 +0100

On Wed, Jan 27, 2016 at 08:46:09AM +0100, Daniel Stenberg wrote:
> remote file name path traversal in curl tool for Windows
> ========================================================
>
> Project cURL Security Advisory, January 27th 2016 -
> [Permalink](http://curl.haxx.se/docs/adv_20160127B.html)
>
> VULNERABILITY
> -------------
>
> curl does not sanitize colons in a remote file name that is used as the local
> file name. This may lead to a vulnerability on systems where the colon is a
> special path character. Currently Windows is the only OS where this
> vulnerability applies.

Not that it's really that relevant any more, but I'm pretty sure this would
affect (and still affects, if curl even compiles there any more) Symbian.

>>> Dan
Received on 2016-01-27
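
The issue the quoted advisory describes, a remote file name containing a colon being used as the local file name, is illustrated below as an added example. It is not part of the original mail and is not curl's own code. The helper name `safe_local_name`, the `_` replacement character and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not curl's code): derive a local file name from a
 * remote one so it cannot name a drive, a stream or another directory.
 * Returns 0 on success, -1 if the name is unusable or does not fit. */
int safe_local_name(const char *remote, char *out, size_t outlen)
{
    const char *base = remote;
    const char *p;
    size_t i = 0;

    if (!remote || !out || outlen < 2)
        return -1;

    /* Keep only the part after the last '/' or '\\'. */
    for (p = remote; *p; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;

    for (p = base; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (i + 1 >= outlen)
            return -1;              /* refuse to truncate silently */
        /* On Windows ':' selects a drive ("c:evil.bat") or an alternate
         * data stream ("file.txt:hidden"); control bytes are invalid. */
        out[i++] = (c == ':' || c < 0x20) ? '_' : (char)c;
    }
    out[i] = '\0';

    /* Reject empty names and the directory references "." and "..". */
    if (i == 0 || strcmp(out, ".") == 0 || strcmp(out, "..") == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample names, as a server might supply them. */
    const char *samples[] = { "c:evil.bat", "dir/..\\d:x.txt", "report.pdf", ".." };
    char buf[64];
    size_t n;
    for (n = 0; n < sizeof samples / sizeof samples[0]; n++) {
        if (safe_local_name(samples[n], buf, sizeof buf) == 0)
            printf("%-18s -> %s\n", samples[n], buf);
        else
            printf("%-18s -> rejected\n", samples[n]);
    }
    return 0;
}
```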