Oval Definition:oval:org.opensuse.security:def:202327535
Revision Date:2023-06-22Version:1
Title:CVE-2023-27535
Description:

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2023-27535
SUSE CVE-2023-27535
SUSE-CU-2023:1103-1
SUSE-CU-2023:1104-1
SUSE-CU-2023:1105-1
SUSE-CU-2023:766-1
SUSE-CU-2023:803-1
SUSE-CU-2023:804-1
SUSE-CU-2023:805-1
SUSE-CU-2023:806-1
SUSE-CU-2023:807-1
SUSE-CU-2023:808-1
SUSE-CU-2023:809-1
SUSE-CU-2023:810-1
SUSE-CU-2023:811-1
SUSE-CU-2023:812-1
SUSE-CU-2023:813-1
SUSE-CU-2023:814-1
SUSE-CU-2023:815-1
SUSE-CU-2023:816-1
SUSE-CU-2023:817-1
SUSE-CU-2023:818-1
SUSE-CU-2023:819-1
SUSE-CU-2023:820-1
SUSE-CU-2023:821-1
SUSE-CU-2023:825-1
SUSE-CU-2023:833-1
SUSE-CU-2023:838-1
SUSE-CU-2023:842-1
SUSE-CU-2023:846-1
SUSE-CU-2023:885-1
SUSE-CU-2023:895-1
SUSE-CU-2023:896-1
SUSE-CU-2023:942-1
SUSE-CU-2023:943-1
SUSE-CU-2023:944-1
SUSE-CU-2023:945-1
SUSE-CU-2023:946-1
SUSE-CU-2023:947-1
SUSE-CU-2023:948-1
SUSE-CU-2023:949-1
SUSE-CU-2023:950-1
SUSE-CU-2023:951-1
SUSE-CU-2023:952-1
SUSE-CU-2023:953-1
SUSE-CU-2023:954-1
SUSE-CU-2023:955-1
SUSE-CU-2023:956-1
SUSE-IU-2023:219-1
SUSE-IU-2023:220-1
SUSE-IU-2023:221-1
SUSE-SU-2023:0865-1
SUSE-SU-2023:1582-1
SUSE-SU-2023:1711-1
SUSE-CU-2023:1229-1
SUSE-CU-2023:1231-1
SUSE-CU-2023:1234-1
SUSE-CU-2023:1236-1
SUSE-CU-2023:1261-1
SUSE-CU-2023:1262-1
SUSE-CU-2023:1458-1
SUSE-CU-2023:1459-1
SUSE-CU-2023:1460-1
SUSE-CU-2023:1461-1
SUSE-CU-2023:1462-1
SUSE-CU-2023:1463-1
SUSE-CU-2023:1464-1
SUSE-CU-2023:1465-1
SUSE-CU-2023:1466-1
SUSE-CU-2023:1467-1
SUSE-CU-2023:1498-1
SUSE-CU-2023:1619-1
SUSE-CU-2023:1621-1
SUSE-CU-2023:1836-1
SUSE-CU-2023:1838-1
SUSE-CU-2023:1839-1
SUSE-CU-2023:1840-1
SUSE-CU-2023:1844-1
SUSE-CU-2023:1897-1
SUSE-CU-2023:2047-1
SUSE-CU-2023:2048-1
SUSE-CU-2023:2049-1
SUSE-CU-2023:2050-1
SUSE-CU-2023:2051-1
SUSE-IU-2023:347-1
SUSE-IU-2023:348-1
SUSE-IU-2023:349-1
SUSE-SU-2023:2226-1
SUSE-SU-2023:2228-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.4 is installed
  • AND Package Information
  • curl is affected
  • OR libcurl4 is affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • curl-8.0.1-150400.5.23.1 is installed
  • OR libcurl-devel-8.0.1-150400.5.23.1 is installed
  • OR libcurl4-8.0.1-150400.5.23.1 is installed
  • OR libcurl4-32bit-8.0.1-150400.5.23.1 is installed
    • BACK