Security holes affect multiple Linux/Unix products

Bill Brenner of SearchSecurity.com writes: “Attackers could launch malicious code by exploiting vulnerabilities in a file transferring tool used in many Linux and Unix systems, according to two security firms.

Reston, Va.-based iDefense said the security holes exist in cURL/libcURL, a command line tool for transferring files with a URL syntax such as FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP….

iDefense said it confirmed the flaws in cURL version 7.12.1 and that earlier versions are likely affected as well. Any application built using a vulnerable version of libcURL will also be affected, the firm said.

Danish firm Secunia labeled the vulnerabilities “moderately critical” and noted that the vendor has issued a fix for the NTLM vulnerability. For the second flaw, the firm recommended users recompile cURL without Kerberos support.”

Full article: Security holes affect multiple Linux/Unix products