CVE-2011-2192 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-2192 Interim 1 15 2023-02-15T02:27:55Z current 2021-05-30T12:57:47Z 2023-02-15T02:27:55Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-2192 The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-updates/2012-02/msg00001.html E-Mail link for openSUSE-SU-2012:0199-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Software Development Kit 11 SP4 curl-7.19.7-1.18.1 curl-7.19.7-1.26.8 curl-7.19.7-1.42.1 curl-openssl1-7.19.7-1.55.1 libcurl-devel-7.19.7-1.42.1 libcurl4-32bit-7.19.7-1.18.1 libcurl4-32bit-7.19.7-1.26.8 libcurl4-32bit-7.19.7-1.42.1 libcurl4-7.19.7-1.18.1 libcurl4-7.19.7-1.26.8 libcurl4-7.19.7-1.42.1 libcurl4-openssl1-32bit-7.19.7-0.38.1 libcurl4-openssl1-7.19.7-0.38.1 libcurl4-x86-7.19.7-1.18.1 libcurl4-x86-7.19.7-1.26.8 libcurl4-x86-7.19.7-1.42.1 libzypp-6.37.5-0.5.6 perl-satsolver-0.14.19-0.3.8 python-satsolver-0.14.19-0.3.8 satsolver-tools-0.14.19-0.3.8 yast2-packager-2.17.78.3-0.3.11 yast2-pkg-bindings-2.17.45.5-0.3.1 yast2-wagon-2.17.17.8-0.3.1 zypper-1.3.16-0.3.7 curl-7.19.7-1.18.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA libcurl4-7.19.7-1.18.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA libcurl4-32bit-7.19.7-1.18.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA libzypp-6.37.5-0.5.6 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA perl-satsolver-0.14.19-0.3.8 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA python-satsolver-0.14.19-0.3.8 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA satsolver-tools-0.14.19-0.3.8 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA yast2-packager-2.17.78.3-0.3.11 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA yast2-pkg-bindings-2.17.45.5-0.3.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA yast2-wagon-2.17.17.8-0.3.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA zypper-1.3.16-0.3.7 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA curl-7.19.7-1.18.1 as a component of SUSE Linux Enterprise Server 11 SP2 libcurl4-7.19.7-1.18.1 as a component of SUSE Linux Enterprise Server 11 SP2 libcurl4-32bit-7.19.7-1.18.1 as a component of SUSE Linux Enterprise Server 11 SP2 libcurl4-x86-7.19.7-1.18.1 as a component of SUSE Linux Enterprise Server 11 SP2 curl-7.19.7-1.26.8 as a component of SUSE Linux Enterprise Server 11 SP3 libcurl4-7.19.7-1.26.8 as a component of SUSE Linux Enterprise Server 11 SP3 libcurl4-32bit-7.19.7-1.26.8 as a component of SUSE Linux Enterprise Server 11 SP3 libcurl4-x86-7.19.7-1.26.8 as a component of SUSE Linux Enterprise Server 11 SP3 curl-7.19.7-1.42.1 as a component of SUSE Linux Enterprise Server 11 SP4 libcurl4-7.19.7-1.42.1 as a component of SUSE Linux Enterprise Server 11 SP4 libcurl4-32bit-7.19.7-1.42.1 as a component of SUSE Linux Enterprise Server 11 SP4 libcurl4-x86-7.19.7-1.42.1 as a component of SUSE Linux Enterprise Server 11 SP4 curl-openssl1-7.19.7-1.55.1 as a component of SUSE Linux Enterprise Server 11-SECURITY libcurl4-openssl1-7.19.7-0.38.1 as a component of SUSE Linux Enterprise Server 11-SECURITY libcurl4-openssl1-32bit-7.19.7-0.38.1 as a component of SUSE Linux Enterprise Server 11-SECURITY libcurl-devel-7.19.7-1.42.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. CVE-2011-2192 SUSE Linux Enterprise Server 11 SP1-TERADATA:curl-7.19.7-1.18.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:libcurl4-7.19.7-1.18.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:libcurl4-32bit-7.19.7-1.18.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:libzypp-6.37.5-0.5.6 SUSE Linux Enterprise Server 11 SP1-TERADATA:perl-satsolver-0.14.19-0.3.8 SUSE Linux Enterprise Server 11 SP1-TERADATA:python-satsolver-0.14.19-0.3.8 SUSE Linux Enterprise Server 11 SP1-TERADATA:satsolver-tools-0.14.19-0.3.8 SUSE Linux Enterprise Server 11 SP1-TERADATA:yast2-packager-2.17.78.3-0.3.11 SUSE Linux Enterprise Server 11 SP1-TERADATA:yast2-pkg-bindings-2.17.45.5-0.3.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:yast2-wagon-2.17.17.8-0.3.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:zypper-1.3.16-0.3.7 SUSE Linux Enterprise Server 11 SP2:curl-7.19.7-1.18.1 SUSE Linux Enterprise Server 11 SP2:libcurl4-7.19.7-1.18.1 SUSE Linux Enterprise Server 11 SP2:libcurl4-32bit-7.19.7-1.18.1 SUSE Linux Enterprise Server 11 SP2:libcurl4-x86-7.19.7-1.18.1 SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.26.8 SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.26.8 SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.26.8 SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.26.8 SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.42.1 SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.42.1 SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.42.1 SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.19.7-1.42.1 SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.19.7-1.55.1 SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.19.7-0.38.1 SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.19.7-0.38.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.42.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N