Red Hat Bugzilla – Full Text Bug Listing
|Summary:||CVE-2013-1944 curl: Cookie domain suffix match vulnerability|
|Product:||[Other] Security Response||Reporter:||Jan Lieskovsky <jlieskov>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||hkario, jrusnack, kdudka, mjc, security-response-team|
|Fixed In Version:||curl 7.30.0||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2013-04-24 16:55:15 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||950934, 950935, 950937, 950941, 951417|
Description Jan Lieskovsky 2013-04-10 08:54:29 EDT
A security flaw was found in the way the library of cURL, an utility for retrieval of files from remote servers, performed match of cookie domain names when making a decision if (previously stored cookies) should be sent to particular domain. Due to a bug in match function implementation, (formerly) the decision / match succeeded also in cases, where just suffix / certain part of the domain name matched the domain name, the current request originated from. A remote attacker could use this flaw to possibly hijack the user session of the victim by submitting a request containing a specially-crafted domain name. References:  http://thread.gmane.org/gmane.comp.web.curl.library/38986 Acknowledgements: Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges YAMADA Yasuharu as the original reporter.
Comment 3 Jan Lieskovsky 2013-04-10 09:09:30 EDT
This issue affects the versions of the curl package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue affects the versions of the curl package, as shipped with Fedora release of 17 and 18.
Comment 6 Jan Lieskovsky 2013-04-11 04:22:44 EDT
The CVE identifier of CVE-2013-1944 has been assigned to this issue.
Comment 7 Jan Lieskovsky 2013-04-11 04:24:37 EDT
Proposed upstream patch is available at: http://curl.haxx.se/curl-tailmatch.patch
Comment 8 Jan Lieskovsky 2013-04-11 04:26:58 EDT
Created attachment 734032 [details] Local copy of proposed upstream patch
Comment 10 Jan Lieskovsky 2013-04-12 04:58:13 EDT
External References: http://curl.haxx.se/docs/adv_20130412.html
Comment 11 Jan Lieskovsky 2013-04-12 04:59:41 EDT
Created curl tracking bugs for this issue Affects: fedora-all [bug 951417]
Comment 12 Jan Lieskovsky 2013-04-12 05:03:11 EDT
Comment 16 Fedora Update System 2013-04-17 22:34:24 EDT
curl-7.27.0-8.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
Comment 17 Fedora Update System 2013-04-20 15:45:30 EDT
curl-7.29.0-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Comment 18 errata-xmlrpc 2013-04-24 13:37:24 EDT
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2013:0771 https://rhn.redhat.com/errata/RHSA-2013-0771.html
Comment 19 Fedora Update System 2013-05-01 00:23:56 EDT
curl-7.29.0-6.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2013-05-05 23:49:02 EDT
curl-7.27.0-9.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.