CVE-2015-3148

Name of the Vulnerable Software and Affected Versions cURL and libcurl versions 7.10.6 through 7.41.0 apple mac os x (affected versions not specified) canonical ubuntu linux (affected versions not specified) debian debian linux (affected versions not specified) fedoraproject fedora (affected versions not specified) haxx curl (affected versions not specified) haxx libcurl (affected versions not specified) hp system management homepage (affected versions not specified) opensuse (affected versions not specified)

Description The issue arises from the improper re-use of authenticated Negotiate connections, allowing remote attackers to connect as other users via a request. libcurl keeps a pool of its last few connections after use to facilitate easy connection re-use. However, when doing HTTP requests with Negotiate authentication, the entire connection may become authenticated, not just the specific HTTP request. This is because Negotiate can use NTLM under the hood. As a result, libcurl may end up re-using an authenticated Negotiate connection and sending subsequent requests on it using new credentials, while the connection remains authenticated with previous initial credentials.

Recommendations For cURL and libcurl versions 7.10.6 through 7.41.0, consider disabling the re-use of authenticated Negotiate connections until a patch is available. For apple mac os x, canonical ubuntu linux, debian debian linux, fedoraproject fedora, haxx curl, haxx libcurl, hp system management homepage, and opensuse, at the moment, there is no information about a newer version that contains a fix for this vulnerability.