CVE-2014-0015
Published 2014-02-02
Priority P4 · 19 · medium · 4 · CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:N
EPSS
1.27%
79.9th percentile
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
Affected
180 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.9.5 | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | curl | < curl 7.36.0-1 (bookworm) | curl 7.36.0-1 (bookworm) |
| debian | curl | < curl 7.35.0-1 (bookworm) | curl 7.35.0-1 (bookworm) |
| debian | curl | < curl 7.47.0-1 (bookworm) | curl 7.47.0-1 (bookworm) |
| debian | curl | < curl 7.42.0-1 (bookworm) | curl 7.42.0-1 (bookworm) |
| debian | debian_linux | — | — |
| haxx | curl | <= 7.46.0 | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
CVSS provenance
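| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:N |
| osv | — | 4.0 | MEDIUM | — |
| vendor_debian | — | 4.0 | MEDIUM | — |
| vendor_redhat | — | 4.0 | MEDIUM | — |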
Red Hat
curl: NTLM credentials not-checked for proxy connection re-use
vendor_redhat·2016-01-27·CVSS 4.0
CVE-2016-0755 [MEDIUM] CWE-287 curl: NTLM credentials not-checked for proxy connection re-use
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Package: curl (Red Hat Enterprise Linux 5) - Will not fix
Package: curl (Red Hat Enterprise Linux 6) - Will not fix
Package: curl (Red Hat Enterprise Linux 7) - Will not fix
Package: curl (Red Hat JBoss Enterprise Web Server 3) - Will not fix
Package: httpd24-curl (Red Hat Software Collections) - Not affected
Debian
CVE-2016-0755: curl - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not pro...
vendor_debian·2016·CVSS 4.0
CVE-2016-0755 [MEDIUM] CVE-2016-0755: curl - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not pro...
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Scope: local
bookworm: resolved (fixed in 7.47.0-1)
bullseye: resolved (fixed in 7.47.0-1)
forky: resolved (fixed in 7.47.0-1)
sid: resolved (fixed in 7.47.0-1)
trixie: resolved (fixed in 7.47.0-1)
Red Hat
curl: re-using authenticated connection when unauthenticated
vendor_redhat·2015-04-22·CVSS 4.0
CVE-2015-3143 [MEDIUM] CWE-287 curl: re-using authenticated connection when unauthenticated
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user.
Statement: This issue affects the version of curl package as shipped with Red Hat Enter
Debian
CVE-2015-3143: curl - cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections...
vendor_debian·2015·CVSS 4.0
CVE-2015-3143 [MEDIUM] CVE-2015-3143: curl - cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections...
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
Scope: local
bookworm: resolved (fixed in 7.42.0-1)
bullseye: resolved (fixed in 7.42.0-1)
forky: resolved (fixed in 7.42.0-1)
sid: resolved (fixed in 7.42.0-1)
trixie: resolved (fixed in 7.42.0-1)
VMware
VMware vSphere product updates address security vulnerabilities
vendor_vmware·2014-12-04·CVSS 4.3
CVE-2013-1752 [MEDIUM] VMware vSphere product updates address security vulnerabilities
VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities
a. VMware vCSA cross-site scripting vulnerability VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Product Version Running on Replace with/ Apply Patch VMware Pro
Red Hat
curl: wrong re-use of connections in libcurl
vendor_redhat·2014-03-26·CVSS 4.0
CVE-2014-0138 [MEDIUM] curl: wrong re-use of connections in libcurl
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Statement: This issue affects the version of curl as shipped with Red Hat Enterprise Linux 5 and 7. The Red Hat Security Response Team has rated this issue as having Moderate security impact, a future update may address this flaw.
Package: curl (Red Hat Enterprise Linux 5) - Will not fix
Package: curl (Red Hat Enterprise Linux 7) - Not affected
Ubuntu
curl vulnerability
vendor_ubuntu·2014-02-03
CVE-2014-0015 curl vulnerability
Title: curl vulnerability
Summary: libcurl could be made to expose sensitive information.
Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly
reused connections when NTLM authentication was being used. This could lead
to the use of unintended credentials, possibly exposing sensitive
information.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
curl: re-use of wrong HTTP NTLM connection in libcurl
vendor_redhat·2014-01-29·CVSS 4.0
CVE-2014-0015 [MEDIUM] curl: re-use of wrong HTTP NTLM connection in libcurl
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
Statement: This issue affects the version of curl as shipped with Red Hat Enterprise Linux 5 and 7. The Red Hat Security Response Team has rated this issue as having Moderate security impact, a future update may address this flaw.
Mitigation: Avoid using HTTP NTLM in your application. If you must use NTLM authentication, ensure that it is the only requested authentication method (use --ntlm specifically, do not use --anyauth or other authentication methods).
Package: curl (Red Hat Enterprise Linux 5) - Will not fix
Package:
Debian
CVE-2014-0138: curl - The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) S...
vendor_debian·2014·CVSS 4.0
CVE-2014-0138 [MEDIUM] CVE-2014-0138: curl - The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) S...
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Scope: local
bookworm: resolved (fixed in 7.36.0-1)
bullseye: resolved (fixed in 7.36.0-1)
forky: resolved (fixed in 7.36.0-1)
sid: resolved (fixed in 7.36.0-1)
trixie: resolved (fixed in 7.36.0-1)
Debian
CVE-2014-0015: curl - cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method...
vendor_debian·2014·CVSS 4.0
CVE-2014-0015 [MEDIUM] CVE-2014-0015: curl - cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method...
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
Scope: local
bookworm: resolved (fixed in 7.35.0-1)
bullseye: resolved (fixed in 7.35.0-1)
forky: resolved (fixed in 7.35.0-1)
sid: resolved (fixed in 7.35.0-1)
trixie: resolved (fixed in 7.35.0-1)
GHSA
GHSA-93wp-ggwv-r77q: cURL and libcurl 7
ghsa_unreviewed·2022-05-14
CVE-2014-0015 [MEDIUM] CWE-287 GHSA-93wp-ggwv-r77q: cURL and libcurl 7
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
GHSA
GHSA-j832-g86m-353x: The default configuration in cURL and libcurl 7
ghsa_unreviewed·2022-05-14·CVSS 4.0
CVE-2014-0138 [MEDIUM] CWE-287 GHSA-j832-g86m-353x: The default configuration in cURL and libcurl 7
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
GHSA
GHSA-ff7q-9j5g-56pg: The ConnectionExists function in lib/url
ghsa_unreviewed·2022-05-14·CVSS 4.0
CVE-2016-0755 [MEDIUM] CWE-287 GHSA-ff7q-9j5g-56pg: The ConnectionExists function in lib/url
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
GHSA
GHSA-6mxf-77w3-cj5m: cURL and libcurl 7
ghsa_unreviewed·2022-05-14·CVSS 4.0
CVE-2015-3143 [MEDIUM] GHSA-6mxf-77w3-cj5m: cURL and libcurl 7
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
OSV
CVE-2016-0755: The ConnectionExists function in lib/url
osv·2016-01-29·CVSS 4.0
CVE-2016-0755 [MEDIUM] CVE-2016-0755: The ConnectionExists function in lib/url
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
OSV
CVE-2015-3143: cURL and libcurl 7
osv·2015-04-24·CVSS 4.0
CVE-2015-3143 [MEDIUM] CVE-2015-3143: cURL and libcurl 7
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
OSV
CVE-2014-0138: The default configuration in cURL and libcurl 7
osv·2014-04-15·CVSS 4.0
CVE-2014-0138 [MEDIUM] CVE-2014-0138: The default configuration in cURL and libcurl 7
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
OSV
CVE-2014-0015: cURL and libcurl 7
osv·2014-02-02·CVSS 4.0
CVE-2014-0015 [MEDIUM] CVE-2014-0015: cURL and libcurl 7
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0213 CVE-2014-0214 CVE-2014-0215 CVE-2014-0216 CVE-2014-0217 CVE-2014-0218 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes
bugzilla·2014-05-21·CVSS 6.8
CVE-2014-0213 [MEDIUM] CVE-2014-0213 CVE-2014-0214 CVE-2014-0215 CVE-2014-0216 CVE-2014-0217 CVE-2014-0218 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes
Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws:
CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment
CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile
CVE-2014-0215 MSA-14-0016: Anonymous student identity revealed in assignment
CVE-2014-0216 MSA-14-0017: File access issue in HTML block
CVE-2014-0217 MSA-14-0018: Information leak in courses
CVE-2014-0218 MSA-14-0019: Reflected XSS in URL downloader repository
For a full summary and patch links, refer to the following:
http://seclists.org/oss-sec/2014/q2/329
Discussion:
Created moodle tra
Bugzilla
CVE-2014-0138 curl: wrong re-use of connections in libcurl
bugzilla·2014-03-21·CVSS 4.0
CVE-2014-0138 [MEDIUM] CVE-2014-0138 curl: wrong re-use of connections in libcurl
Daniel Stenberg reported the following vulnerability in cURL:
libcurl can in some circumstances re-use the wrong connection when asked to
do transfers using other protocols than HTTP and FTP.
libcurl features a pool of recent connections so that subsequent requests
can re-use an existing connection to avoid overhead.
When re-using a connection a range of criteria must first be met. Due to an
error in the code, a transfer that was initiated by an application could
wrongfully re-use an existing connection to the same server that was
authenticated using different credentials. The existing logic basically only
worked well enough for HTTP and FTP, while all other network protocols were
silently, but erroneously, assumed to work lik
Bugzilla
CVE-2014-0015 curl: re-use of wrong HTTP NTLM connection in libcurl [fedora-all]
bugzilla·2014-01-29·CVSS 4.0
CVE-2014-0015 [MEDIUM] CVE-2014-0015 curl: re-use of wrong HTTP NTLM connection in libcurl [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue
Bugzilla
CVE-2014-0015 curl: re-use of wrong HTTP NTLM connection in libcurl
bugzilla·2014-01-15·CVSS 4.0
CVE-2014-0015 [MEDIUM] CVE-2014-0015 curl: re-use of wrong HTTP NTLM connection in libcurl
Daniel Stenberg reported the following vulnerability in cURL:
libcurl can in some circumstances re-use the wrong connection when asked to
do an NTLM-authenticated HTTP or HTTPS request.
libcurl features a pool of recent connections so that subsequent requests
can re-use an existing connection to avoid overhead.
When re-using a connection a range of criteria must first be met. Due to a
logical error in the code, a request that was issued by an application could
wrongfully re-use an existing connection to the same server that was
authenticated using different credentials. One underlying reason being that
NTLM authenticates connections and not requests, contrary to how HTTP is
designed to work and how other authenticatio
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l