Re: Microsoft on CVE-2021-22947
From: John Hascall via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 12 Jan 2022 10:23:11 -0600
It isn't directly a RCE, but it seems like that might be a possibility --
say some process was using FTP/STARTTLS to download a script to run. If a
MITM can interject content as the top of that script, that could be
unpleasant.
John
---
John Hascall
Senior Security Architect
Information Technology Services
Iowa State University
john_at_iastate.edu

On Wed, Jan 12, 2022 at 9:25 AM Patrick Monnerat via curl-library <curl-library_at_lists.haxx.se> wrote:
>
> On 1/12/22 12:33, Daniel Stenberg via curl-library wrote:
> > Hi team,
> >
> > Just a FYI:
> >
> > Yesterday, Microsoft published information[1] and upgrade details for
> > fixing their version of curl in regards to the problem called
> > CVE-2021-22947 that we reported back in September 2021 [2].
> >
> > In their great wisdom, without asking us or reading our description,
> > they decided this is a "Remote Code Execution Vulnerability".
> >
> > I obviously disagree with that description.
>
> Me too !
>
> But it's really not the first time they do something wrong about
> security :-( What did you expect after all these years of erring ?...
>
> ;-)
>
> --
> Unsubscribe: https://lists.haxx.se/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html
>
Received on 2022-01-12