CVE-2014-0015
Published: 31 January 2014
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
Priority
Status
Package | Release | Status |
---|---|---|
curl Launchpad, Ubuntu, Debian |
upstream |
Released
(7.35.0-1)
|
lucid |
Released
(7.19.7-1ubuntu1.6)
|
|
precise |
Released
(7.22.0-3ubuntu4.7)
|
|
quantal |
Released
(7.27.0-1ubuntu1.8)
|
|
saucy |
Released
(7.32.0-1ubuntu1.3)
|
|
Patches: upstream: https://github.com/bagder/curl/commit/8ae35102c43d8d (7.28+) upstream: https://curl.haxx.se/CVE-2014-0015-7-27.patch (7.27-) |