CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Affected products
n/a · n/a
References
http://curl.haxx.se/curl-gssapi-delegation.patch
http://curl.haxx.se/docs/adv_20110623.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html
https://bugzilla.redhat.com/show_bug.cgi?id=711454
http://secunia.com/advisories/45047
http://secunia.com/advisories/45067
http://secunia.com/advisories/45088
http://secunia.com/advisories/45144
http://secunia.com/advisories/45181
http://secunia.com/advisories/48256