Improper Authentication in cURL - CVE-2016-7141
Published: October 4, 2016 / Updated: July 28, 2020
Vulnerability identifier: #VU32242
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-7141
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: curl.haxx.se
Affected software:
cURL
cURL
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
How to mitigate CVE-2016-7141
Install update from vendor's website.
Sources
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html
- http://rhn.redhat.com/errata/RHSA-2016-2575.html
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/92754
- http://www.securitytracker.com/id/1036739
- https://access.redhat.com/errata/RHSA-2018:3558
- https://bugzilla.redhat.com/show_bug.cgi?id=1373229
- https://curl.haxx.se/docs/adv_20160907.html
- https://github.com/curl/curl/commit/curl-7_50_2~32
- https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
- https://security.gentoo.org/glsa/201701-47