CVE-2014-0015

Priority
Medium
Description
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication
method is enabled, re-uses NTLM connections, which might allow
context-dependent attackers to authenticate as other users via a request.
References
Assigned-to
mdeslaur
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.35.0-1)
Ubuntu 10.04 LTS (Lucid Lynx):released (7.19.7-1ubuntu1.6)
Ubuntu 12.04 LTS (Precise Pangolin):released (7.22.0-3ubuntu4.7)
Ubuntu 12.10 (Quantal Quetzal):released (7.27.0-1ubuntu1.8)
Ubuntu 13.10 (Saucy Salamander):released (7.32.0-1ubuntu1.3)
Ubuntu 14.04 LTS (Trusty Tahr):released (7.35.0-1ubuntu1)
Patches:
Upstream:https://github.com/bagder/curl/commit/8ae35102c43d8d (7.28+)
Upstream:curl.haxx.se/CVE-2014-0015-7-27.patch (7.27-)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-02-05 18:14:52 UTC (commit 7713)