Arch Linux Security Advisory ASA-201602-3 ========================================= Severity: Low Date : 2016-02-02 CVE-ID : CVE-2016-0755 Package : curl Type : authentication bypass Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package curl before version 7.47.0-1 is vulnerable to authentication bypass. Resolution ========== Upgrade to 7.47.0-1. # pacman -Syu "curl>=7.47.0-1" The problem has been fixed upstream in version 7.47.0. Workaround ========== None. Description =========== A vulnerability was found in a way libcurl uses NTLM-authenticated proxy connections. Libcurl will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. Since NTLM-based authentication is connection oriented instead of request oriented as other HTTP based authentication, it is important that only connections that have been authenticated with the correct username + password are reused. This was done properly for server connections already, but libcurl failed to do it properly for proxy connections using NTLM, which might allow remote attackers to authenticate as other users via a request. Impact ====== A remote attacker is able to authenticate as other users via a request without providing any NTLM credentials. References ========== https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0755 http://curl.haxx.se/docs/adv_20160127A.html