CVE-2014-8151

The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://curl.haxx.se/docs/adv_20150108A.html	Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://secunia.com/advisories/61925
https://security.gentoo.org/glsa/201701-47
https://support.apple.com/kb/HT205031

Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:haxx:libcurl:7.31.0:::::::*
	cpe:2.3:a:haxx:libcurl:7.32.0:::::::*
	cpe:2.3:a:haxx:libcurl:7.33.0:::::::*
	cpe:2.3:a:haxx:libcurl:7.34.0:::::::*
	cpe:2.3:a:haxx:libcurl:7.35.0:::::::*
	cpe:2.3:a:haxx:libcurl:7.36.0:::::::*
	cpe:2.3:a:haxx:libcurl:7.37.0:::::::*
	cpe:2.3:a:haxx:libcurl:7.37.1:::::::*
	cpe:2.3:a:haxx:libcurl:7.38.0:::::::*
	cpe:2.3:a:haxx:libcurl:7.39:::::::*

History

No history.

Information

Published : 2015-01-15 15:59

Updated : 2017-07-01 01:29

NVD link : CVE-2014-8151

Mitre link : CVE-2014-8151

CVE.ORG link : CVE-2014-8151

JSON object : View

Products Affected

haxx

libcurl

apple

mac_os_x

CWE

NVD-CWE-Other

{"id": "CVE-2014-8151", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-01-15T15:59:07.670", "references": [{"url": "http://curl.haxx.se/docs/adv_20150108A.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/61925", "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201701-47", "source": "secalert@redhat.com"}, {"url": "https://support.apple.com/kb/HT205031", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate."}, {"lang": "es", "value": "La funci\u00f3n darwinssl_connect_step1 en lib/vtls/curl_darwinssl.c en libcurl 7.31.0 hasta 7.39.0, cuando utiliza el backend DarwinSSL (tambi\u00e9n conocido como SecureTransport) para TLS, no comprueba si una sesi\u00f3n TLS en cach\u00e9 valid\u00f3 el certificado cuando se reutiliza la sesi\u00f3n, lo que permite a atacantes man-in-the-middle falsificar servidores a trav\u00e9s de un certificado manipulado."}], "lastModified": "2017-07-01T01:29:07.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906", "versionEndIncluding": "10.10.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1791BF6D-2C96-4A6E-90D4-2906A73601F6"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "260DD751-4145-4B75-B892-5FC932C6A305"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EB1CB85-0A9B-4816-B471-278774EE6D4C"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3831AB03-4E7E-476D-9623-58AADC188DFE"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABACE305-2F0C-4B59-BC5C-6DF162B450E4"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FAC1B55-F492-484E-B837-E7745682DE0A"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0D57914-B40A-462B-9C78-6433BE2B2DB4"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9A12DF7-62C5-46AD-9236-E2821C64156E"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C43697D-390A-4AC0-A5D8-62B6D22245BF"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/295.html\">CWE-295: Improper Certificate Validation</a>", "sourceIdentifier": "secalert@redhat.com"}