CVE Vulnerabilities

CVE-2011-2192

Published: Jul 07, 2011 | Modified: May 27, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Affected Software

Name Vendor Start Version End Version
Libcurl Haxx 7.10.6 (including) 7.21.6 (including)
Curl Ubuntu hardy *
Curl Ubuntu lucid *
Curl Ubuntu maverick *
Curl Ubuntu natty *
Curl Ubuntu upstream *
Red Hat Enterprise Linux 4 RedHat curl-0:7.12.1-17.el4 *
Red Hat Enterprise Linux 5 RedHat curl-0:7.15.5-9.el5_6.3 *
Red Hat Enterprise Linux 6 RedHat curl-0:7.19.7-26.el6_1.1 *

References