cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability

Bugtraq ID:	69748
Class:	Access Validation Error
CVE:	CVE-2014-3613
Remote:	Yes
Local:	No
Published:	Sep 11 2014 12:00AM
Updated:	Jul 05 2016 10:09PM
Credit:	Tim Ruehsen
Vulnerable:	Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Oracle Linux 0 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64
Not Vulnerable:

cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability

cURL/libcURL is prone to a remote security-bypass vulnerability.

An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.

cURL/libcURL 7.1 through 7.37.1 are vulnerable.

cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability

References:

• cURL Home Page (cURL)