cURL CVE-2016-4802 DLL Loading Local Code Execution Vulnerability

cURL is prone to a vulnerability that lets attackers execute arbitrary code.

An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a customized library file from application path which contains a specially crafted code. Successful exploit allows attacker to execute local code with elevated privileges.

cURL 7.11.1 through 7.49.0 are vulnerable.

Information

Bugtraq ID: 90997
Class: Design Error
CVE: CVE-2016-4802

Remote: Yes
Local: No
Published: Jun 01 2016 12:00AM
Updated: Apr 24 2017 12:04AM
Credit: Guohui from Huawei WeiRan Labs
Vulnerable: Oracle Secure Global Desktop 5.3
Oracle Secure Global Desktop 5.2
IBM BigFix Platform 9.5
IBM BigFix Platform 9.2
IBM BigFix Platform 9.1
IBM BigFix Platform 9.0
Daniel Stenberg curl 7.49
Daniel Stenberg curl 7.42.1
Daniel Stenberg curl 7.42
Daniel Stenberg curl 7.41
Daniel Stenberg curl 7.40
Daniel Stenberg curl 7.37
Daniel Stenberg curl 7.36
Daniel Stenberg curl 7.34
Daniel Stenberg curl 7.33
Daniel Stenberg curl 7.32
Daniel Stenberg curl 7.31
Daniel Stenberg curl 7.30
Daniel Stenberg curl 7.20
Daniel Stenberg curl 7.19.6
Daniel Stenberg curl 7.19.5
Daniel Stenberg curl 7.19.4
Daniel Stenberg curl 7.19.3
Daniel Stenberg curl 7.19
Daniel Stenberg curl 7.18.1
Daniel Stenberg curl 7.18
Daniel Stenberg curl 7.17
Daniel Stenberg curl 7.16.4
Daniel Stenberg curl 7.15.5
Daniel Stenberg curl 7.15.3
Daniel Stenberg curl 7.15.2
Daniel Stenberg curl 7.15.1
Daniel Stenberg curl 7.15
Daniel Stenberg curl 7.14.1
Daniel Stenberg curl 7.14
Daniel Stenberg curl 7.13.2
Daniel Stenberg curl 7.13.1
Daniel Stenberg curl 7.13
Daniel Stenberg curl 7.12.3
Daniel Stenberg curl 7.12.2
Daniel Stenberg curl 7.12.1
+ Redhat Desktop 4.0
+ Redhat Enterprise Linux AS 4
+ Redhat Enterprise Linux ES 4
+ Redhat Enterprise Linux WS 4
Daniel Stenberg curl 7.12
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Daniel Stenberg curl 7.11.2
Daniel Stenberg curl 7.11.1
Daniel Stenberg curl 7.39.0
Daniel Stenberg curl 7.38.0
Daniel Stenberg curl 7.35.0
Daniel Stenberg curl 7.29.0
Daniel Stenberg curl 7.28.1
Daniel Stenberg curl 7.28.0
Daniel Stenberg curl 7.27.0
Daniel Stenberg curl 7.26.0
Daniel Stenberg curl 7.24.0
Daniel Stenberg curl 7.23.1
Daniel Stenberg curl 7.21.7
Daniel Stenberg curl 7.21.4
Daniel Stenberg curl 7.20.2
Daniel Stenberg curl 7.20.1
Daniel Stenberg curl 7.16.3

Not Vulnerable: Daniel Stenberg curl 7.49.1

Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References:

• cURL Home Page (cURL)
  
• cURL DLL Loading Error Lets Local Users Gain Elevated Privileges (securitytracker)
  
• Oracle Critical Patch Update Advisory - April 2017 (Oracle)
  
• swg21995850: BigFix Platform has a libcURL vulnerabilty (CVE-2016-4802) (IBM)
  

Source: www.securityfocus.com