The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libcurl | Haxx | 7.10.6 (including) | 7.21.6 (including) |
Curl | Ubuntu | hardy | * |
Curl | Ubuntu | lucid | * |
Curl | Ubuntu | maverick | * |
Curl | Ubuntu | natty | * |
Curl | Ubuntu | upstream | * |
Red Hat Enterprise Linux 4 | RedHat | curl-0:7.12.1-17.el4 | * |
Red Hat Enterprise Linux 5 | RedHat | curl-0:7.15.5-9.el5_6.3 | * |
Red Hat Enterprise Linux 6 | RedHat | curl-0:7.19.7-26.el6_1.1 | * |