Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-2192
Last Modified 03 Feb 2012 10:59:28
Published 07 Jul 2011 05:55:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2192

Summary

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Vulnerable Systems

Application

  • Curl

  • Libcurl 7.10.6

  • Libcurl 7.10.7

  • Libcurl 7.10.8

  • Libcurl 7.11.0

  • Libcurl 7.11.1

  • Libcurl 7.11.2

  • Libcurl 7.12

  • Libcurl 7.12.0

  • Libcurl 7.12.1

  • Libcurl 7.12.2

  • Libcurl 7.12.3

  • Libcurl 7.13

  • Libcurl 7.13.1

  • Libcurl 7.13.2

  • Libcurl 7.14

  • Libcurl 7.14.1

  • Libcurl 7.15

  • Libcurl 7.15.1

  • Libcurl 7.15.2

  • Libcurl 7.15.3

  • Libcurl 7.16.3

  • Libcurl 7.17.0

  • Libcurl 7.17.1

  • Libcurl 7.18.0

  • Libcurl 7.18.1

  • Libcurl 7.18.2

  • Libcurl 7.19.0

  • Libcurl 7.19.1

  • Libcurl 7.19.2

  • Libcurl 7.19.3

  • Libcurl 7.19.4

  • Libcurl 7.19.5

  • Libcurl 7.19.6

  • Libcurl 7.19.7

  • Libcurl 7.20.0

  • Libcurl 7.20.1

  • Libcurl 7.21.1

  • Libcurl 7.21.2

  • Libcurl 7.21.3

  • Libcurl 7.21.4

  • Libcurl 7.21.5

  • Libcurl 7.21.6


References

CONFIRM - http://curl.haxx.se/curl-gssapi-delegation.patch

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=711454

UBUNTU - USN-1158-1

SECTRACK - 1025713

REDHAT - RHSA-2011:0918

MANDRIVA - MDVSA-2011:116

DEBIAN - DSA-2271

SECUNIA - 45181

SECUNIA - 45144

SECUNIA - 45088

SECUNIA - 45067

SECUNIA - 45047

FEDORA - FEDORA-2011-8586

FEDORA - FEDORA-2011-8640

CONFIRM - http://curl.haxx.se/docs/adv_20110623.html

CONFIRM - http://support.apple.com/kb/HT5130

APPLE - APPLE-SA-2012-02-01-1

Related Patches

Apple 2012-02-01 Mac OS X Server 10.7.3 Update

Apple 2012-02-01 Mac OS X 10.7.3 Update

Apple 2012-02-01 Mac OS X Server 10.7.3 Combo Update

Apple 2012-02-01 Mac OS X 10.7.3 Combo Update

Apple 2012-02-01 Security Update 2012-001 v1.1 Server (Snow Leopard)

Apple 2012-02-01 Security Update 2012-001 v1.1 (Snow Leopard)

Novell SUSE 2012:5738 softwaremgmt-201202 recommended update for SLE 11 SP1 i586

Novell SUSE 2012:5738 softwaremgmt-201202 recommended update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 10:57:24