#VU33077 Improper Authentication in cURL - CVE-2016-0755

Cybersecurity Help s.r.o.

Published: 2016-01-29 | Updated: 2020-08-03

Vulnerability identifier: #VU33077

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-0755

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

Mitigation
Install update from vendor's website.

Vulnerable software versions

cURL: 7.1 - 7.46.0

External links
https://curl.haxx.se/docs/adv_20160127A.html
https://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html
https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html
https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html
https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html
https://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html
https://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html
https://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html
https://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html
https://www.debian.org/security/2016/dsa-3455
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.securityfocus.com/bid/82307
https://www.securitytracker.com/id/1034882
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.519965
https://www.ubuntu.com/usn/USN-2882-1
https://security.gentoo.org/glsa/201701-47
https://support.apple.com/HT207170

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for curl

Slackware Linux update for curl

Improper Authentication in curl (Alpine package)

Fedora 22 update for mingw-curl

Fedora 23 update for mingw-curl

Improper Authentication in curl.haxx.se cURL

Fedora 23 update for curl

Fedora 22 update for curl