Credentials management in cURL - CVE-2011-2192

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Remediation

External links

• http://curl.haxx.se/curl-gssapi-delegation.patch
• http://curl.haxx.se/docs/adv_20110623.html
• http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html
• http://secunia.com/advisories/45047
• http://secunia.com/advisories/45067
• http://secunia.com/advisories/45088
• http://secunia.com/advisories/45144
• http://secunia.com/advisories/45181
• http://secunia.com/advisories/48256
• http://security.gentoo.org/glsa/glsa-201203-02.xml
• http://support.apple.com/kb/HT5130
• http://www.debian.org/security/2011/dsa-2271
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:116
• http://www.redhat.com/support/errata/RHSA-2011-0918.html
• http://www.securitytracker.com/id?1025713
• http://www.ubuntu.com/usn/USN-1158-1
• https://bugzilla.redhat.com/show_bug.cgi?id=711454