Vulnerability identifier: #VU33107
Vulnerability risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
cURL
Client/Desktop applications /
Other client software
Vendor: curl.haxx.se
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Per http://www.ubuntu.com/usn/USN-1801-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS Ubuntu 8.04 LTS"
Mitigation
Install update from vendor's website.
Vulnerable software versions
cURL: 7.1 - 7.29.0
External links
http://curl.haxx.se/docs/adv_20130412.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106606.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00013.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00016.html
http://rhn.redhat.com/errata/RHSA-2013-0771.html
http://secunia.com/advisories/53044
http://secunia.com/advisories/53051
http://secunia.com/advisories/53097
http://www.debian.org/security/2012/dsa-2660
http://www.mandriva.com/security/advisories?name=MDVSA-2013:151
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.osvdb.org/92316
http://www.securityfocus.com/bid/59058
http://www.ubuntu.com/usn/USN-1801-1
http://bugzilla.redhat.com/show_bug.cgi?id=950577
http://github.com/bagder/curl/commit/2eb8dcf26cb37f09cffe26909a646e702dbcab66
http://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0121
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.