Isaac Boukris

Name of the Vulnerable Software and Affected Versions: Curl versions prior to 7.49.1 Apple OS X versions prior to 10.12 Description: The issue allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Recommendations: For Curl versions prior to 7.49.1, update to version 7.49.1 or later. For Apple OS X versions prior to 10.12, update to macOS Sierra 10.12 or later.

**Name of the Vulnerable Software and Affected Versions** Samba versions 4.8.x up to, excluding 4.8.12 Samba versions 4.9.x up to, excluding 4.9.8 Samba versions 4.10.x up to, excluding 4.10.3 **Description** A flaw was found in Samba's Heimdal KDC implementation when used in AD DC mode, allowing a man-in-the-middle attacker to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC, effectively obtaining a ticket for that principal. The issue is related to improper checksum validation in the S4U2Self extension, which can allow attackers to elevate their privileges and access privileged resources. **Recommendations** For Samba versions 4.8.x up to, excluding 4.8.12, update to version 4.8.12 or later to resolve the issue. For Samba versions 4.9.x up to, excluding 4.9.8, update to version 4.9.8 or later to resolve the issue. For Samba versions 4.10.x up to, excluding 4.10.3, update to version 4.10.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Heimdal KDC implementation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libcurl versions prior to 7.47.0 **Description** The issue is related to the ConnectionExists function in lib/url.c, which has weaknesses in its authentication procedure. This could allow a remote attacker to authenticate as another user by sending a request. The problem is associated with the improper re-use of NTLM-authenticated proxy connections. **Recommendations** For versions prior to 7.47.0, update to version 7.47.0 or later to resolve the issue. As a temporary workaround, consider restricting access to NTLM-authenticated proxy connections to minimize the risk of exploitation. Avoid using the `ConnectionExists` function in lib/url.c until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** cURL and libcurl versions 7.10.6 through 7.41.0 apple mac os x (affected versions not specified) canonical ubuntu linux (affected versions not specified) debian debian linux (affected versions not specified) fedoraproject fedora (affected versions not specified) haxx curl (affected versions not specified) haxx libcurl (affected versions not specified) hp system management homepage (affected versions not specified) opensuse (affected versions not specified) **Description** The issue arises from the improper re-use of authenticated Negotiate connections, allowing remote attackers to connect as other users via a request. libcurl keeps a pool of its last few connections after use to facilitate easy connection re-use. However, when doing HTTP requests with Negotiate authentication, the entire connection may become authenticated, not just the specific HTTP request. This is because Negotiate can use NTLM under the hood. As a result, libcurl may end up re-using an authenticated Negotiate connection and sending subsequent requests on it using new credentials, while the connection remains authenticated with previous initial credentials. **Recommendations** For cURL and libcurl versions 7.10.6 through 7.41.0, consider disabling the re-use of authenticated Negotiate connections until a patch is available. For apple mac os x, canonical ubuntu linux, debian debian linux, fedoraproject fedora, haxx curl, haxx libcurl, hp system management homepage, and opensuse, at the moment, there is no information about a newer version that contains a fix for this vulnerability.