Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : curl vulnerability (USN-2097-1)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly
reused connections when NTLM authentication was being used. This could
lead to the use of unintended credentials, possibly exposing sensitive
information.

Solution :

Update the affected libcurl3, libcurl3-gnutls and / or libcurl3-nss
packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 72278

Bugtraq ID: 65270

CVE ID: CVE-2014-0015