CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile: 98.7%
Issue Overview:
It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM-authenticated user. (CVE-2015-3143)
It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones. (CVE-2015-3148)
It was discovered that libcurl did not properly process cookies with a specially crafted “path” element. If an application using libcurl connected to a malicious HTTP server sending specially crafted “Set-Cookie” headers, this could lead to an out-of-bounds read, and possibly cause that application to crash. (CVE-2015-3145)
It was discovered that libcurl did not properly process zero-length host names. If an attacker could trick an application using libcurl into processing zero-length host names, this could lead to an out-of-bounds read, and possibly cause that application to crash. (CVE-2015-3144)
Affected Packages:
curl
Issue Correction:
Run yum update curl to update your system.
New Packages:
i686:
curl-7.40.0-3.50.amzn1.i686
curl-debuginfo-7.40.0-3.50.amzn1.i686
libcurl-devel-7.40.0-3.50.amzn1.i686
libcurl-7.40.0-3.50.amzn1.i686
src:
curl-7.40.0-3.50.amzn1.src
x86_64:
curl-7.40.0-3.50.amzn1.x86_64
libcurl-7.40.0-3.50.amzn1.x86_64
curl-debuginfo-7.40.0-3.50.amzn1.x86_64
libcurl-devel-7.40.0-3.50.amzn1.x86_64
Red Hat: CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148
Mitre: CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | curl | < 7.40.0-3.50.amzn1 | curl-7.40.0-3.50.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | curl-debuginfo | < 7.40.0-3.50.amzn1 | curl-debuginfo-7.40.0-3.50.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libcurl-devel | < 7.40.0-3.50.amzn1 | libcurl-devel-7.40.0-3.50.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libcurl | < 7.40.0-3.50.amzn1 | libcurl-7.40.0-3.50.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | curl | < 7.40.0-3.50.amzn1 | curl-7.40.0-3.50.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libcurl | < 7.40.0-3.50.amzn1 | libcurl-7.40.0-3.50.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | curl-debuginfo | < 7.40.0-3.50.amzn1 | curl-debuginfo-7.40.0-3.50.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libcurl-devel | < 7.40.0-3.50.amzn1 | libcurl-devel-7.40.0-3.50.amzn1.x86_64.rpm |
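
To confirm a host is past the affected range in the table above, the following added example (not part of the advisory or of any Amazon tooling) compares installed package versions against the fixed build `7.40.0-3.50.amzn1` using a simplified rpm-style version comparison. It assumes packages carry no epoch and that versions contain no `~` or `^`; the inventory lines and the function names are constructed for illustration.

```python
import re

FIXED = "7.40.0-3.50.amzn1"  # fixed version-release, taken from the advisory
AFFECTED = {"curl", "libcurl", "libcurl-devel", "curl-debuginfo"}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """\
curl 7.40.0-3.49.amzn1 x86_64
libcurl 7.40.0-3.50.amzn1 x86_64
libcurl-devel 7.38.0-1.46.amzn1 i686
bash 4.2.46-1.amzn1 x86_64
"""

def rpmvercmp(a, b):
    """Compare two version (or release) strings segment by segment, rpm-style.
    Simplified: '~' and '^' are not handled (assumption)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment is newer than an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed absent."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(inventory, fixed=FIXED):
    """Return (name, version-release, arch) for affected packages older than `fixed`."""
    hits = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                           # skip lines that are not name/evr/arch
        name, evr, arch = fields
        if name in AFFECTED and evr_cmp(evr, fixed) < 0:
            hits.append((name, evr, arch))
    return hits

if __name__ == "__main__":
    for name, evr, arch in unpatched(SAMPLE):
        print(f"UPDATE NEEDED: {name}-{evr}.{arch} is older than {FIXED}")
```

Comparing segments as integers matters here: a plain string comparison would rank `7.9.0` above `7.40.0` and miss an unpatched host.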