CVE-2010-3842

Priority
Medium
Description
Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when
the --remote-header-name or -J option is used, allows remote servers to
create or overwrite arbitrary files by using \ (backslash) as a separator
of path components within the Content-disposition HTTP header.
References
Notes
jdstrand> from curl advisory: Operating systems affected include Windows,
Netware, MSDOS, OS/2 and Symbian.
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.21.2-1)
Ubuntu 8.04 LTS (Hardy Heron):ignored
Ubuntu 10.04 LTS (Lucid Lynx):ignored
Ubuntu 11.04 (Natty Narwhal):ignored
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:29 UTC (commit 5347)