exploit the possibilities
Showing 1 - 4 of 4 RSS Feed

CVE-2013-6422

Status Candidate

Overview

The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

Related Files

HP Security Bulletin HPSBMU03112
Posted Oct 1, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03112 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, xss, csrf
systems | linux, windows
advisories | CVE-2013-4545, CVE-2013-6420, CVE-2013-6422, CVE-2013-6712, CVE-2014-2640, CVE-2014-2641, CVE-2014-2642
MD5 | 096a4b6e918fe386022d2a0049754ee0
Gentoo Linux Security Advisory 201401-14
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0249, CVE-2013-1944, CVE-2013-2174, CVE-2013-6422
MD5 | 3ce972737b30b0c5dc026e59570caab5
Debian Security Advisory 2824-1
Posted Dec 22, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2824-1 - Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend.

tags | advisory
systems | linux, debian
advisories | CVE-2013-6422
MD5 | 03951ab923ba984e12259b4156d30311
Ubuntu Security Notice USN-2058-1
Posted Dec 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2058-1 - Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6422
MD5 | d159278f3ff95f560d5cf10bbbac9e43
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close