Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0138

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2014-0138
Last Modified 16 Jul 2015 09:59:30
Published 15 Apr 2014 10:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-0138

Summary

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.

Vulnerable Systems

Application

  • Haxx Curl 7.10.6

  • Haxx Curl 7.10.7

  • Haxx Curl 7.10.8

  • Haxx Curl 7.11.0

  • Haxx Curl 7.11.1

  • Haxx Curl 7.11.2

  • Haxx Curl 7.12.0

  • Haxx Curl 7.12.1

  • Haxx Curl 7.12.2

  • Haxx Curl 7.12.3

  • Haxx Curl 7.13.0

  • Haxx Curl 7.13.1

  • Haxx Curl 7.13.2

  • Haxx Curl 7.14.0

  • Haxx Curl 7.14.1

  • Haxx Curl 7.15.0

  • Haxx Curl 7.15.1

  • Haxx Curl 7.15.2

  • Haxx Curl 7.15.3

  • Haxx Curl 7.15.4

  • Haxx Curl 7.15.5

  • Haxx Curl 7.16.0

  • Haxx Curl 7.16.1

  • Haxx Curl 7.16.2

  • Haxx Curl 7.16.3

  • Haxx Curl 7.16.4

  • Haxx Curl 7.17.0

  • Haxx Curl 7.17.1

  • Haxx Curl 7.18.0

  • Haxx Curl 7.18.1

  • Haxx Curl 7.18.2

  • Haxx Curl 7.19.0

  • Haxx Curl 7.19.1

  • Haxx Curl 7.19.2

  • Haxx Curl 7.19.3

  • Haxx Curl 7.19.4

  • Haxx Curl 7.19.5

  • Haxx Curl 7.19.6

  • Haxx Curl 7.19.7

  • Haxx Curl 7.20.0

  • Haxx Curl 7.20.1

  • Haxx Curl 7.21.0

  • Haxx Curl 7.21.1

  • Haxx Curl 7.21.2

  • Haxx Curl 7.21.3

  • Haxx Curl 7.21.4

  • Haxx Curl 7.21.5

  • Haxx Curl 7.21.6

  • Haxx Curl 7.21.7

  • Haxx Curl 7.22.0

  • Haxx Curl 7.23.0

  • Haxx Curl 7.23.1

  • Haxx Curl 7.24.0

  • Haxx Curl 7.25.0

  • Haxx Curl 7.26.0

  • Haxx Curl 7.27.0

  • Haxx Curl 7.28.0

  • Haxx Curl 7.28.1

  • Haxx Curl 7.29.0

  • Haxx Curl 7.30.0

  • Haxx Curl 7.31.0

  • Haxx Curl 7.32.0

  • Haxx Curl 7.33.0

  • Haxx Curl 7.34.0

  • Haxx Curl 7.35.0

  • Haxx Libcurl 7.10.6

  • Haxx Libcurl 7.10.7

  • Haxx Libcurl 7.10.8

  • Haxx Libcurl 7.11.0

  • Haxx Libcurl 7.11.1

  • Haxx Libcurl 7.11.2

  • Haxx Libcurl 7.12.0

  • Haxx Libcurl 7.12.1

  • Haxx Libcurl 7.12.2

  • Haxx Libcurl 7.12.3

  • Haxx Libcurl 7.13.0

  • Haxx Libcurl 7.13.1

  • Haxx Libcurl 7.13.2

  • Haxx Libcurl 7.14.0

  • Haxx Libcurl 7.14.1

  • Haxx Libcurl 7.15.0

  • Haxx Libcurl 7.15.1

  • Haxx Libcurl 7.15.2

  • Haxx Libcurl 7.15.3

  • Haxx Libcurl 7.15.4

  • Haxx Libcurl 7.15.5

  • Haxx Libcurl 7.16.0

  • Haxx Libcurl 7.16.1

  • Haxx Libcurl 7.16.2

  • Haxx Libcurl 7.16.3

  • Haxx Libcurl 7.16.4

  • Haxx Libcurl 7.17.0

  • Haxx Libcurl 7.17.1

  • Haxx Libcurl 7.18.0

  • Haxx Libcurl 7.18.1

  • Haxx Libcurl 7.18.2

  • Haxx Libcurl 7.19.0

  • Haxx Libcurl 7.19.1

  • Haxx Libcurl 7.19.2

  • Haxx Libcurl 7.19.3

  • Haxx Libcurl 7.19.4

  • Haxx Libcurl 7.19.5

  • Haxx Libcurl 7.19.6

  • Haxx Libcurl 7.19.7

  • Haxx Libcurl 7.20.0

  • Haxx Libcurl 7.20.1

  • Haxx Libcurl 7.21.0

  • Haxx Libcurl 7.21.1

  • Haxx Libcurl 7.21.2

  • Haxx Libcurl 7.21.3

  • Haxx Libcurl 7.21.4

  • Haxx Libcurl 7.21.5

  • Haxx Libcurl 7.21.6

  • Haxx Libcurl 7.21.7

  • Haxx Libcurl 7.22.0

  • Haxx Libcurl 7.23.0

  • Haxx Libcurl 7.23.1

  • Haxx Libcurl 7.24.0

  • Haxx Libcurl 7.25.0

  • Haxx Libcurl 7.26.0

  • Haxx Libcurl 7.27.0

  • Haxx Libcurl 7.28.0

  • Haxx Libcurl 7.28.1

  • Haxx Libcurl 7.29.0

  • Haxx Libcurl 7.30.0

  • Haxx Libcurl 7.31.0

  • Haxx Libcurl 7.32.0

  • Haxx Libcurl 7.33.0

  • Haxx Libcurl 7.34.0

  • Haxx Libcurl 7.35.0


References

DEBIAN - DSA-2902

CONFIRM - http://curl.haxx.se/docs/adv_20140326A.html

CONFIRM - http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

CONFIRM - http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

CONFIRM - http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

SECUNIA - 57968

SECUNIA - 57966

SECUNIA - 57836

CONFIRM - http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862

SECUNIA - 59458

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2014-0012.html

BUGTRAQ - 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html


Last Updated: 27 May 2016 11:04:57