CVE-2014-0138 – curl: wrong re-use of connections in libcurl
https://notcve.org/view.php?id=CVE-2014-0138
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. La configuración por defecto en cURL y libcurl 7.10.6 anterior a 7.36.0 re-utiliza conexiones (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP y (10) LDAPS, lo que podría permitir a atacantes dependientes de contexto conectar como otro usuario a través de una petición, un problema similar a CVE-2014-0015. • http://curl.haxx.se/docs/adv_20140326A.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/57836 http://secunia.com/advisories/57966 http://secunia.com/advisories/57968 http://secunia.com/advisories/58615 http://secunia.com/advisories/59458 http://www-01.ibm.com/support/docview.wss?uid=swg21675820 http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862 http:/ • CWE-287: Improper Authentication •
CVE-2014-0139
https://notcve.org/view.php?id=CVE-2014-0139
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. cURL y libcurl 7.1 anterior a 7.36.0, cuando utilizando las librerías OpenSSL, axtls, gsossl o gskit para TLS, reconoce una dirección IP comodín (wildcard) en el campo del asunto Common Name (CN) de un certificado X.509, lo cual permitiría a atacantes man-in-the-middle suplantar servidores SSL arbitrarios a través de un certificado manipulado emitido por una autoridad de certificación legítima. • http://advisories.mageia.org/MGASA-2015-0165.html http://curl.haxx.se/docs/adv_20140326B.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html http://secunia.com/advisories/57836 http://secunia.com/advisories/57966 http://secunia.com/advisories/57968 http://secunia.com/advisories/58615 http://secunia.com/advisories/59458 http://www-01.ibm.com/support/docview.wss?uid=swg21675820 http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862 http: • CWE-310: Cryptographic Issues •
CVE-2014-0015 – curl: re-use of wrong HTTP NTLM connection in libcurl
https://notcve.org/view.php?id=CVE-2014-0015
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. cURL y libcurl 7.10.6 hasta 7.34.0, cuando más de un método de autenticación está habilitado, reutiliza conexiones NTLM, lo que podría permitir a atacantes dependientes de contexto autenticarse como otros usuarios a través de una solicitud. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://curl.haxx.se/docs/adv_20140129.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00066.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/56728 http:/ • CWE-287: Improper Authentication •
CVE-2013-4545
https://notcve.org/view.php?id=CVE-2013-4545
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. cURL y libcurl 7.18.0 hasta la versión 7.32.0, cuando es compilado con OpenSSL, desactiva la verificación del nombre de campos del certificado CN y SAN (CURLOPT_SSL_VERIFYHOST) cuando la verificación de firma digital (CURLOPT_SSL_VERIFYPEER) está desactivada, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario. • http://curl.haxx.se/docs/adv_20131115.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00047.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00053.html http://www.debian.org/security/2013/dsa-2798 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.ubuntu.com/usn/USN-2048-1 https:// • CWE-310: Cryptographic Issues •
CVE-2013-2174 – curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs
https://notcve.org/view.php?id=CVE-2013-2174
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. Desbordamiento de búfer basado en memoria dinámica en la función curl_easy_unescape en lib/escape.c en cURL y libcurl 7.7 a la 7.30.0, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código arbitrario a través de una cadena manipulada que termina con el carácter "%". • http://curl.haxx.se/docs/adv_20130622.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-0983.html http://www.debian.org/security/2013/dsa-2713 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/60737 http://www.ubuntu.com/usn/USN-1894-1 https://github.com/bagder/curl/commit/192c4f788d48 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •