Oval Definition:	oval:org.mitre.oval:def:13004
Revision Date: 2014-06-23 Version: 20 Title: DSA-2271-1 curl -- improper delegation of client credentials Description: Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a very sensitive operation, which should only be done when the user explicitly so directs. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2011-2192 DSA-2271-1 Platform(s): Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Product(s): curl Definition Synopsis Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND curl DPKG is earlier than 7.18.2-8lenny5 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND Installed architecture is all AND curl DPKG is earlier than 7.21.0-2
BACK