Rapid7 Vulnerability & Exploit Database

RHSA-2011:0918: curl security update

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 07/07/2011
Created: 07/25/2018
Added: 07/18/2011
Modified: 07/04/2017

Description

cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192)

Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-curl
  • redhat-upgrade-curl-debuginfo
  • redhat-upgrade-curl-devel
  • redhat-upgrade-libcurl
  • redhat-upgrade-libcurl-devel
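
The advisory notes that running applications using libcurl must be restarted after the upgrade. The following is an added example, not part of the advisory or of Red Hat's tooling, that lists processes still mapping a libcurl file that has been replaced on disk. It assumes a Linux /proc layout; the function names and the sample proc tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the advisory). Assumes a Linux /proc layout.
# After a package upgrade the old library file is unlinked, so a process that
# loaded it earlier shows the path with "(deleted)" in /proc/<pid>/maps.

# stale_libcurl_pids [PROC_ROOT]  (hypothetical helper name)
# Prints "PID<TAB>command<TAB>library" for each process that needs a restart.
stale_libcurl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid_dir="${maps%/maps}"
        pid="${pid_dir##*/}"
        # maps columns: address perms offset dev inode path [(deleted)]
        lib=$(awk '$6 ~ "/libcurl[.]so[^/]*$" && $7 == "(deleted)" { print $6; exit }' \
            "$maps" 2>/dev/null) || continue
        [ -n "$lib" ] || continue
        comm=$(cat "$pid_dir/comm" 2>/dev/null || echo "?")
        printf '%s\t%s\t%s\n' "$pid" "$comm" "$lib"
    done
}

# Constructed sample: a fake proc tree with one process still holding the old
# library (PID 101) and one that loaded the current file (PID 202).
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202"
    echo "httpd-worker" > "$root/101/comm"
    echo "7f10a000-7f15b000 r-xp 00000000 fd:00 1311 /usr/lib64/libcurl.so.4.1.1 (deleted)" \
        > "$root/101/maps"
    echo "curl" > "$root/202/comm"
    echo "7f20a000-7f25b000 r-xp 00000000 fd:00 1422 /usr/lib64/libcurl.so.4.1.1" \
        > "$root/202/maps"
    echo "$root"
}

# Demo on the constructed tree; only PID 101 is reported.
sample=$(make_sample_proc)
stale_libcurl_pids "$sample"
rm -rf "$sample"
```

Calling `stale_libcurl_pids` with no argument scans the live /proc; run it as root so that other users' processes are readable.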
