SecurityTracker.com
SecurityTracker
Archives

Category:   Application (Generic)  >   curl
Vendors:   curl.haxx.se
(Oracle Issues Fix for Oracle Linux) cURL HTTP Redirect Processing May Let Remote Users Obtain Potentially Sensitive Information from Custom Authentication Headers
SecurityTracker Alert ID:  1042072
SecurityTracker URL:  http://securitytracker.com/id/1042072
CVE Reference:   CVE-2018-1000007   (Links to External Site)
Date:  Nov 12 2018
Impact:   Disclosure of authentication information, Disclosure of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.1 - 7.57.0
Description:   A vulnerability was reported in cURL. A remote user can obtain potentially sensitive information on the target system.

When sending custom headers in an HTTP request and an HTTP 30X redirect response code is received, libcurl sends the custom headers to the server specified in the 'Location:' response header. A remote user may be able to obtain potentially sensitive authentication information from applications that use custom 'Authorization:' headers.
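To make the behaviour described above concrete, the following is an added example (not code from curl, the advisory, or Oracle). It does not call libcurl; it simulates a client following redirects over constructed responses so that the pre-fix behaviour (every custom header is re-sent to whatever host `Location:` names) can be compared with a hardened policy that drops a custom `Authorization:` header when the redirect leaves the original scheme/host/port. The URLs, the `FAKE_SERVER` table, the token value and the helper names are all constructed for the example; the hardened policy is modelled on the fix described on this page, not copied from the curl source.

```python
"""Model of custom-header handling across HTTP redirects (CVE-2018-1000007).

Added example, not code from curl or from the advisory. It simulates the
redirect-following logic so the difference between forwarding every custom
header and the hardened policy is visible on constructed responses.
"""
from urllib.parse import urljoin, urlparse

# Constructed responses keyed by URL: (status, response headers).
# The first chain redirects to a different host; the second stays on the
# original host. Both end in a 200.
FAKE_SERVER = {
    "https://api.example.test/report": (302, {"Location": "https://cdn.other.test/report.csv"}),
    "https://cdn.other.test/report.csv": (200, {}),
    "https://api.example.test/legacy": (301, {"Location": "/final"}),
    "https://api.example.test/final": (200, {}),
}

REDIRECT_CODES = (301, 302, 303, 307, 308)


def same_origin(url_a, url_b):
    """True if scheme, host and port match (assumption: a stricter test than
    host-only comparison, chosen here so credentials never cross a scheme or
    port boundary either)."""
    a, b = urlparse(url_a), urlparse(url_b)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def headers_for_redirect(custom_headers, from_url, to_url, hardened=True):
    """Return the custom headers to send on the next hop.

    hardened=False reproduces the pre-fix behaviour described in the
    advisory: every custom header is re-sent to the Location target.
    hardened=True drops a custom Authorization header once the redirect
    leaves the original origin.
    """
    if not hardened or same_origin(from_url, to_url):
        return dict(custom_headers)
    return {k: v for k, v in custom_headers.items() if k.lower() != "authorization"}


def follow(url, custom_headers, hardened=True, max_redirects=5):
    """Simulate a request that follows redirects.

    Returns a list of (url, headers_sent) for every hop, so a caller can
    inspect exactly which headers reached which host.
    """
    hops = []
    headers = dict(custom_headers)
    for _ in range(max_redirects + 1):
        status, resp = FAKE_SERVER[url]
        hops.append((url, dict(headers)))
        if status not in REDIRECT_CODES:
            return hops
        next_url = urljoin(url, resp["Location"])
        headers = headers_for_redirect(headers, url, next_url, hardened)
        url = next_url
    raise RuntimeError("too many redirects")


def leaked_to_other_host(hops):
    """True if an Authorization header was sent to a host other than the
    one the request started on (the disclosure the advisory describes)."""
    first_host = urlparse(hops[0][0]).hostname
    return any(
        urlparse(u).hostname != first_host
        and any(k.lower() == "authorization" for k in sent)
        for u, sent in hops
    )


if __name__ == "__main__":
    creds = {"Authorization": "Bearer constructed-token", "X-Trace": "abc"}
    for mode in (False, True):
        hops = follow("https://api.example.test/report", creds, hardened=mode)
        print("hardened" if mode else "pre-fix", "leaked:", leaked_to_other_host(hops))
        for u, sent in hops:
            print("  ", u, sorted(sent))
```

Run stand-alone it prints the two hop lists side by side: in pre-fix mode the token reaches cdn.other.test, in hardened mode only the non-credential `X-Trace` header does, while the same-host `/legacy` chain keeps `Authorization` on every hop. The `leaked_to_other_host` check is the kind of assertion worth adding to an application's own test suite when it relies on custom authentication headers and follows redirects.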

The vendor was notified on January 18, 2018.

Craig de Stigter reported this vulnerability.

Impact:   A remote user may be able to obtain potentially sensitive authentication information from applications that use custom 'Authorization:' headers.
Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2018-3157.html

Vendor URL:  linux.oracle.com/errata/ELSA-2018-3157.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Jan 25 2018 cURL HTTP Redirect Processing May Let Remote Users Obtain Potentially Sensitive Information from Custom Authentication Headers



 Source Message Contents

Subject:  [El-errata] ELSA-2018-3157 Moderate: Oracle Linux 7 curl and nss-pem security and bug fix update

Oracle Linux Security Advisory ELSA-2018-3157

http://linux.oracle.com/errata/ELSA-2018-3157.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
curl-7.29.0-51.el7.x86_64.rpm
libcurl-7.29.0-51.el7.i686.rpm
libcurl-7.29.0-51.el7.x86_64.rpm
libcurl-devel-7.29.0-51.el7.i686.rpm
libcurl-devel-7.29.0-51.el7.x86_64.rpm
nss-pem-1.0.3-5.el7.i686.rpm
nss-pem-1.0.3-5.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-51.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-pem-1.0.3-5.el7.src.rpm



Description of changes:

curl
[7.29.0-51]
- require a new enough version of nss-pem to avoid regression in yum (#1610998)

[7.29.0-50]
- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang

[7.29.0-49]
- make curl --speed-limit work with TFTP (#1584750)

[7.29.0-48]
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)

[7.29.0-47]
- make NSS deallocate PKCS #11 objects early enough (#1510247)

nss-pem
[1.0.3-5]
- update object ID while reusing a certificate (#1610998)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
 
 



Copyright 2019, SecurityGlobal.net LLC