4466 matches found
CVE-2013-6422
Summary of CVE-2013-6422: The GnuTLS backend in libcurl for versions 7.21.4 through 7.33.0 disables host name verification (CURLOPT_SSL_VERIFYHOST) when CURLOPT_SSL_VERIFYPEER is off, making it easier for remote attackers to spoof servers and perform man-in-the-middle attacks. Affected component...
CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM)...
CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM)...
[USN-2058-1] curl vulnerability
========================================================================== Ubuntu Security Notice USN-2058-1 December 18, 2013 curl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Ubuntu Update for curl USN-2058-1
Check for the Version of curl OpenVAS Vulnerability Test $Id: gbubuntuUSN20581.nasl 8494 2018-01-23 06:57:55Z teissa $ Ubuntu Update for curl USN-2058-1 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
Ubuntu: Security Advisory (USN-2058-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2824-1 : curl - unchecked tls/ssl certificate host name
Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend. The default configuration for the curl package is not affected by this issue since the digital...
[SECURITY] [DSA 2824-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2824-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 19, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2824-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2824-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 19, 2013 http://www.debian.org/security/faq -...
DSA-2824-1 curl - unchecked tls/ssl certificate host name
Bulletin has no description...
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : curl vulnerability (USN-2058-1)
Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle atta...
Debian Security Advisory DSA 2824-1 (curl - unchecked tls/ssl certificate host name)
Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend. The default configuration for the curl package is not affected by this issue since the digital...
FreeBSD : cURL library -- cert name check ignore with GnuTLS (4e1f4abc-6837-11e3-9cda-3c970e169bc2)
cURL project reports: libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPT_SSL_VERIFYPEER and...
USN-2058-1: curl vulnerability
Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a machine-in-the-middle...
Debian: Security Advisory (DSA-2824-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM)...
cURL library -- cert name check ignore with GnuTLS
cURL project reports: libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPT_SSL_VERIFYPEER and...
openSUSE: Security Advisory for pidgin (openSUSE-SU-2013:0511-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GnuTLS DANE dane.c Heap Buffer Overflow (CVE-2013-4466)
A heap buffer overflow vulnerability has been reported in GnuTLS...
MGASA-2013-0354 Updated gnutls package fixes security vulnerability
A DNS server that returns more than 4 DANE entries could corrupt the memory of a requesting client using the DANE library from GnuTLS before 3.1.15 and 3.2.5 (CVE-2013-4466). This updates GnuTLS to version 3.1.16, fixing this issue and several other bugs...