The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 up to and including 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

| Vulnerable Product |
|---|
| haxx libcurl |
| apple mac os x |
| fedoraproject fedora 14 |
| fedoraproject fedora 15 |
| debian debian linux 5.0 |
| debian debian linux 6.0 |
| debian debian linux 7.0 |
| canonical ubuntu linux 8.04 |
| canonical ubuntu linux 10.04 |
| canonical ubuntu linux 10.10 |
| canonical ubuntu linux 11.04 |