CVE-2011-2192

libcurl <7.21.6 - Privilege Escalation

Title source: llm

Description

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

References (19)

Core 19

Core References

Third Party Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:116

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/45181

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT5130

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/45144

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1158-1

Vendor Advisory x_refsource_confirm

http://curl.haxx.se/docs/adv_20110623.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/45067

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1025713

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0918.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201203-02.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48256

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2011/dsa-2271

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=711454

Broken Link x_refsource_confirm

http://curl.haxx.se/curl-gssapi-delegation.patch

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/45088

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/45047

Scores

EPSS 0.0205

EPSS Percentile 84.1%

Details

CWE

CWE-255

Status published

Products (11)

apple/mac_os_x < 10.7.3

canonical/ubuntu_linux 8.04

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 10.10

canonical/ubuntu_linux 11.04

debian/debian_linux 5.0

debian/debian_linux 6.0

debian/debian_linux 7.0

fedoraproject/fedora 14

fedoraproject/fedora 15

... and 1 more

Published Jul 07, 2011

Tracked Since Feb 18, 2026