cURL/libcURL NTLM connection Remote Security Bypass Vulnerability

Bugtraq ID: 65270
Class: Access Validation Error
CVE: CVE-2014-0015
Remote: Yes
Local: No
Published: Jan 29 2014 12:00AM
Updated: Aug 19 2014 12:22AM
Credit: The vendor reported this issue.
Vulnerable: Ubuntu Ubuntu Linux 10.04 LTS
SuSE SUSE Linux Enterprise Server 11 SP2
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Desktop 11 SP2
+ Linux kernel 2.6.5
Slackware Slackware Linux 13.37
Slackware Slackware Linux 13.1
Slackware Slackware Linux 13.0
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Daniel Stenberg curl 7.20
Daniel Stenberg curl 7.19.6
Daniel Stenberg curl 7.19.5
Daniel Stenberg curl 7.19.4
Daniel Stenberg curl 7.19.3
Daniel Stenberg curl 7.19
Daniel Stenberg curl 7.18.1
Daniel Stenberg curl 7.18
Daniel Stenberg curl 7.17
Daniel Stenberg curl 7.16.4
Daniel Stenberg curl 7.15.5
Daniel Stenberg curl 7.15.3
Daniel Stenberg curl 7.15.2
Daniel Stenberg curl 7.15.1
Daniel Stenberg curl 7.15
Daniel Stenberg curl 7.14.1
Daniel Stenberg curl 7.14
Daniel Stenberg curl 7.13.2
Daniel Stenberg curl 7.13.1
Daniel Stenberg curl 7.13
Daniel Stenberg curl 7.12.3
Daniel Stenberg curl 7.12.2
Daniel Stenberg curl 7.12.1
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
Daniel Stenberg curl 7.12
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Daniel Stenberg curl 7.11.2
Daniel Stenberg curl 7.11.1
+ Conectiva Linux 10.0
Daniel Stenberg curl 7.11
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
Daniel Stenberg curl 7.10.8
Daniel Stenberg curl 7.10.7
Daniel Stenberg curl 7.10.6
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Daniel Stenberg curl 7.24.0
Daniel Stenberg curl 7.23.1
Daniel Stenberg curl 7.21.7
Daniel Stenberg curl 7.21.6
Daniel Stenberg curl 7.20.2
Daniel Stenberg curl 7.20.1
Daniel Stenberg curl 7.16.3
CentOS CentOS 6
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus