708 matches found
CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests...
CentOS 4 / 5 : curl (CESA-2011:0918)
Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
RHEL 4 / 5 / 6 : curl (RHSA-2011:0918)
The remote Red Hat Enterprise Linux 4 / 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0918 advisory. cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, an...
Moderate: Red Hat Security Advisory: curl security update
Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
Fedora 14 : curl-7.21.0-8.fc14 (2011-8640)
- do not delegate GSSAPI credentials (CVE-2011-2192). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
curl security update
7.19.7-26.el61.1 - do not delegate GSSAPI credentials (CVE-2011-2192)...
Debian DSA-2271-1 : curl - improper delegation of client credentials
Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is...
[SECURITY] [DSA 2271-1] curl security update
Debian Security Advisory DSA-2271-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano July 02, 2011 http://www.debian.org/security/faq -...
DSA-2271-1 curl - improper delegation of client credentials
Bulletin has no description...
[USN-1158-1] curl vulnerabilities
Ubuntu Security Notice USN-1158-1, June 24, 2011: curl vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
libcurl GSSAPI security vulnerability
Client's security credentials are unconditionally delegated...
USN-1158-1: curl vulnerabilities
Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client's security credential. (CVE-2011-2192) Wesley Miaw discovered that when zlib is enabled, libcurl does not properly restrict the amount ...
Ubuntu Update for curl USN-1158-1
Ubuntu Update for Linux kernel vulnerabilities USN-1158-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11581.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for curl USN-1158-1 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
Ubuntu: Security Advisory (USN-1158-1)
The remote host is missing an update for the...
CURL-CVE-2011-2192 inappropriate GSSAPI delegation
When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a sensitive operation, which...
CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests...
cURL -- inappropriate GSSAPI delegation
cURL reports: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism...
Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)
On-line version will be at http://www.postfix.org/CVE-2011-1720.html. Summary: The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN; the ANONYMOUS mechanism is unaffected but should not be enabled...
Fedora 13 : samba-3.5.8-74.fc13 (2011-3120)
Tue Mar 8 2011 Guenther Deschner - 3.5.8-74 - Update to 3.5.8 - resolves: 617482 - Thu Mar 3 2011 Guenther Deschner - 3.5.7-73 - Security update to 3.5.7 to address CVE-2011-0719 - resolves: 681852 - Thu Jan 6 2011 Guenther Deschner - 3.5.6-72 - Fix GSSAPI checksum for some SMB servers -...