oss-sec mailing list archives
Re: curl: Windows OpenSSL engine code injection
From: Jakub Wilk <jwilk () jwilk net>
Date: Mon, 24 Jun 2019 08:14:43 +0200
* Daniel Stenberg <daniel () haxx se>, 2019-06-24, 07:46:
A non-privileged user or program can put code and a config file in a known non-privileged path (under `C:/usr/local/`) that will make curl automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
[...]
CWE-94: Code Injection
I think CWE-426 (Untrusted Search Path) would be more appropriate for this bug.
-- Jakub Wilk
Current thread:
- curl: Windows OpenSSL engine code injection Daniel Stenberg (Jun 23)
- Re: curl: Windows OpenSSL engine code injection Jakub Wilk (Jun 23)