It was reported that the application always performs credential delegation when authenticating with GSSAPI. A rouge server could use this flaw to obtain the client’s credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192)

Affected versions include versions 7.10.6 through 7.21.6.

IAVA Reference : 2012-A-0020
STIG Finding Severity : Category I

Binary data 801392.prm

References

curl.haxx.se/docs/adv_20110623.html

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192

openvas 31

nessus 20

redhat 2

altlinux 2

centos 1

ubuntucve 1

prion 1

debiancve 1

fedora 3

debian 2

veracode 1

oraclelinux 1

securityvulns 4

freebsd 1

cve 1

ubuntu 1

gentoo 1

vmware 2

openvas

RedHat Update for curl RHSA-2011:0918-01

2011-07-08 00:00:00

Fedora Update for curl FEDORA-2011-8586

2011-07-12 00:00:00

Mandriva Update for curl MDVSA-2011:116 (curl)

2011-07-27 00:00:00

nessus

RHEL 4 / 5 / 6 : curl (RHSA-2011:0918)

2011-07-06 00:00:00

Mandriva Linux Security Advisory : curl (MDVSA-2011:116)

2011-07-25 00:00:00

Fedora 15 : curl-7.21.3-8.fc15 (2011-8586)

2011-06-27 00:00:00

redhat

(RHSA-2011:0918) Moderate: curl security update

2011-07-05 00:00:00

(RHSA-2011:1090) Moderate: rhev-hypervisor security and bug fix update

2011-07-27 00:00:00

altlinux

Security fix for the ALT Linux 6 package curl version 7.21.7-alt1

2011-06-27 00:00:00

Security fix for the ALT Linux 8 package curl version 7.21.7-alt1

2011-06-27 00:00:00

centos

curl security update

2011-07-06 01:31:31

ubuntucve

CVE-2011-2192

2011-06-23 00:00:00

prion

Deserialization of untrusted data

2011-07-07 21:55:00

debiancve

CVE-2011-2192

2011-07-07 21:55:00

fedora

[SECURITY] Fedora 14 Update: curl-7.21.0-8.fc14

2011-07-04 18:52:22

[SECURITY] Fedora 15 Update: curl-7.21.3-8.fc15

2011-06-25 19:58:00

[SECURITY] Fedora 15 Update: curl-7.21.3-13.fc15

2012-02-11 22:04:59

debian

[SECURITY] [DSA 2271-1] curl security update

2011-07-02 07:49:58

[SECURITY] [DSA 2271-1] curl security update

2011-07-02 07:49:58

veracode

Information Disclosure

2020-04-10 01:04:31

oraclelinux

curl security update

2011-07-05 00:00:00

securityvulns

libcurl GSSAPI security vulnerability

2011-06-28 00:00:00

[USN-1158-1] curl vulnerabilities

2011-06-28 00:00:00

Apple OS X multiple security vulnerabilities

2012-02-03 00:00:00

freebsd

cURL -- inappropriate GSSAPI delegation

2011-06-23 00:00:00

cve

CVE-2011-2192

2011-07-07 21:55:00

ubuntu

curl vulnerabilities

2011-06-24 00:00:00

gentoo

cURL: Multiple vulnerabilities

2012-03-06 00:00:00

vmware

VMware ESXi and ESX updates to third party library and ESX Service Console

2012-01-30 00:00:00

VMware ESXi and ESX updates to third party library and ESX Service Console

2012-01-30 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for 801392.PRM