#VU32263 Cryptographic issues in cURL - CVE-2016-5419

Cybersecurity Help s.r.o.

Published: 2016-08-10 | Updated: 2020-07-28

Vulnerability identifier: #VU32263

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-5419

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

Mitigation
Install update from vendor's website.

Vulnerable software versions

cURL: 7.50.0

External links
https://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html
https://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html
https://rhn.redhat.com/errata/RHSA-2016-2575.html
https://rhn.redhat.com/errata/RHSA-2016-2957.html
https://www.debian.org/security/2016/dsa-3638
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.securityfocus.com/bid/92292
https://www.securityfocus.com/bid/92319
https://www.securitytracker.com/id/1036538
https://www.securitytracker.com/id/1038341
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059
https://www.ubuntu.com/usn/USN-3048-1
https://access.redhat.com/errata/RHSA-2018:3558
https://curl.haxx.se/docs/adv_20160803A.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/
https://security.gentoo.org/glsa/201701-47
https://source.android.com/security/bulletin/2016-12-01.html
https://www.tenable.com/security/tns-2016-18

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru and QLogic Virtual Fabric Extension Module for IBM BladeCenter

Arch Linux update for curl

Amazon Linux AMI update for curl

Cryptographic issues in curl.haxx.se cURL

Slackware Linux update for curl

Cryptographic issues in curl (Alpine package)

Fedora 24 update for curl

Fedora 23 update for curl