PT-2010-5115 · Curl · Curl

Dan Fandrich · Published 2010-10-13 · Updated 2010-10-28 · CVE-2010-3842

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions

curl versions 7.20.0 through 7.21.1

Description

The issue allows remote servers to create or overwrite arbitrary files by using a backslash as a path-component separator in the Content-disposition HTTP header when the --remote-header-name or -J option is used. This is possible because curl attempted to strip directory parts from the filename in the header but did not account for backslashes, which are directory separators on some operating systems, including Windows, Netware, MSDOS, OS/2, and Symbian. This could potentially allow a rogue server to overwrite system files, commands, or known executables.

Recommendations

For curl versions 7.20.0 through 7.21.1, consider disabling the use of the --remote-header-name or -J option until a patch is available to prevent potential file overwrites. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using the Content-disposition header with backslashes in filenames to prevent potential security issues.
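The following is an added illustration, not curl's own code, of the separator handling the description refers to: a basename routine that strips only `/` beside one that treats `\` as a separator too and rejects empty or dot names. All function names and sample filename values are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Behaviour as the description states it: only '/' is treated as a
 * directory separator, so backslash-separated components survive. */
static const char *basename_slash_only(const char *name)
{
    const char *p = strrchr(name, '/');
    return p ? p + 1 : name;
}

/* Hardened form: treat both '/' and '\\' as separators on every platform,
 * then refuse names that are empty or still name a directory. */
static const char *basename_any_sep(const char *name)
{
    const char *base = name;
    for (const char *p = name; *p; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;
    if (*base == '\0' || strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return NULL;   /* caller should fall back to a local default name */
    return base;
}

/* 1 if the name still contains a character that some operating system
 * interprets as a path separator, 0 otherwise. */
static int has_separator(const char *name)
{
    return strpbrk(name, "/\\") != NULL;
}

int main(void)
{
    /* Constructed filename values, as a server could supply in the header */
    const char *samples[] = { "report.txt", "a/b/report.txt",
                              "..\\..\\dir\\report.txt", "dir\\", ".." };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *weak = basename_slash_only(samples[i]);
        const char *safe = basename_any_sep(samples[i]);
        printf("%-24s slash-only=%-24s separator-left=%d hardened=%s\n",
               samples[i], weak, has_separator(weak),
               safe ? safe : "(rejected)");
    }
    return 0;
}
```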

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2010-3842

Affected Products

Curl