[arch-security] [ASA-201602-3] curl: authentication bypass
anthraxx at archlinux.org
Tue Feb 2 13:41:58 UTC 2016
Arch Linux Security Advisory ASA-201602-3
Date : 2016-02-02
CVE-ID : CVE-2016-0755
Package : curl
Type : authentication bypass
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package curl before version 7.47.0-1 is vulnerable to authentication
Upgrade to 7.47.0-1.
# pacman -Syu "curl>=7.47.0-1"
The problem has been fixed upstream in version 7.47.0.
A vulnerability was found in the way libcurl uses NTLM-authenticated proxy
connections. Libcurl will reuse NTLM-authenticated proxy connections
without properly making sure that the connection was authenticated with
the same credentials as set for this transfer.
Since NTLM-based authentication is connection-oriented instead of
request-oriented like other HTTP-based authentication, it is important
that only connections that have been authenticated with the correct
username + password are reused. This was done properly for server
connections already, but libcurl failed to do it properly for proxy
connections using NTLM, which might allow remote attackers to
authenticate as other users via a request.
A remote attacker is able to authenticate as other users via a request
without providing any NTLM credentials.
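The connection-reuse decision described above, as a simplified model added here for illustration. It is not part of the advisory and is not libcurl's code; the struct, field and function names, hosts and credentials are hypothetical and constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; struct and field names are hypothetical, not libcurl's. */
struct conn {
    const char *host, *proxy;             /* destination and proxy */
    bool proxy_ntlm_done;                 /* NTLM handshake finished on this socket */
    const char *proxy_user, *proxy_pass;  /* credentials that handshake used */
};
struct transfer { const char *host, *proxy, *proxy_user, *proxy_pass; };

/* NULL-safe compare: "no credentials" only matches "no credentials". */
static bool same(const char *a, const char *b) {
    return (a && b) ? strcmp(a, b) == 0 : a == b;
}

/* Behaviour the advisory describes: proxy credentials are never compared. */
bool reuse_unchecked(const struct conn *c, const struct transfer *t) {
    return same(c->host, t->host) && same(c->proxy, t->proxy);
}

/* NTLM binds the identity to the connection, so an authenticated proxy
 * connection is reusable only for the same username + password. */
bool reuse_checked(const struct conn *c, const struct transfer *t) {
    if (!reuse_unchecked(c, t)) return false;
    if (!c->proxy_ntlm_done) return true;
    return same(c->proxy_user, t->proxy_user) && same(c->proxy_pass, t->proxy_pass);
}

/* Return the index of the first reusable pooled connection, or -1. */
int find_reusable(const struct conn *pool, size_t n, const struct transfer *t,
                  bool (*ok)(const struct conn *, const struct transfer *)) {
    for (size_t i = 0; i < n; i++)
        if (ok(&pool[i], t)) return (int)i;
    return -1;
}

/* Constructed sample data: one pooled connection authenticated as alice. */
const struct conn POOL[] = {
    { "example.org", "proxy.example", true, "alice", "alice-secret" } };
const struct transfer NO_CREDS = { "example.org", "proxy.example", NULL, NULL };
const struct transfer AS_ALICE = { "example.org", "proxy.example", "alice", "alice-secret" };
int main(void) {
    printf("unchecked=%d checked=%d\n", find_reusable(POOL, 1, &NO_CREDS, reuse_unchecked),
           find_reusable(POOL, 1, &NO_CREDS, reuse_checked));
    return 0;
}
```

With the unchecked predicate a transfer that sets no proxy credentials is handed the connection already authenticated as another user; the checked predicate forces a new connection instead.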