ArchLinux: 201602-4: lib32-curl: authentication bypass
Summary
A vulnerability was found in the way libcurl uses NTLM-authenticated proxy
connections. libcurl will reuse NTLM-authenticated proxy connections
without properly making sure that the connection was authenticated with
the same credentials as set for this transfer.

Since NTLM-based authentication is connection-oriented rather than
request-oriented like other HTTP-based authentication, it is important
that only connections that have been authenticated with the correct
username + password are reused. This was done properly for server
connections already, but libcurl failed to do it properly for proxy
connections using NTLM, which might allow remote attackers to
authenticate as other users via a request.
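
The reuse decision described above, as an added example that is not libcurl's source or part of the original advisory: a simplified C model in which the `check_proxy` flag switches between the flawed and the corrected comparison. The struct, function names, hosts and credentials are constructed for illustration.

```c
/* Added illustration, not libcurl source: simplified model of the
 * connection-reuse decision this advisory describes. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct conn {                      /* a connection, or a transfer's requirements */
    const char *host, *proxy;      /* origin server and proxy host */
    const char *user, *pass;       /* server credentials */
    const char *puser, *ppass;     /* proxy credentials */
    bool server_ntlm, proxy_ntlm;  /* connection-oriented auth in use */
};

static bool same(const char *a, const char *b)
{
    return (a && b) ? strcmp(a, b) == 0 : a == b;
}

/* check_proxy = false models the flaw: proxy credentials are never compared. */
bool can_reuse(const struct conn *c, const struct conn *want, bool check_proxy)
{
    if (!same(c->host, want->host) || !same(c->proxy, want->proxy))
        return false;
    if (c->server_ntlm && !(same(c->user, want->user) && same(c->pass, want->pass)))
        return false;              /* server side: already handled correctly */
    if (check_proxy && c->proxy_ntlm &&
        !(same(c->puser, want->puser) && same(c->ppass, want->ppass)))
        return false;              /* proxy side: the missing comparison */
    return true;
}

/* Constructed sample data: one cached connection, two transfers. */
const struct conn cached = {"app.example", "proxy.example", NULL, NULL, "alice", "pw-a", false, true};
const struct conn by_alice = {"app.example", "proxy.example", NULL, NULL, "alice", "pw-a", false, true};
const struct conn by_bob = {"app.example", "proxy.example", NULL, NULL, "bob", "pw-b", false, true};

int main(void)
{
    printf("flawed, bob reuses alice's connection: %d\n", can_reuse(&cached, &by_bob, false));
    printf("fixed,  bob reuses alice's connection: %d\n", can_reuse(&cached, &by_bob, true));
    printf("fixed,  alice reuses her own:          %d\n", can_reuse(&cached, &by_alice, true));
    return 0;
}
```
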
Resolution
Upgrade to 7.47.0-1.
# pacman -Syu "lib32-curl>=7.47.0-1"
The problem has been fixed upstream in version 7.47.0.
References
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0755
https://curl.se/docs/CVE-2016-0755.html
Workaround
None.