Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

Published

2021-08-05T21:15:11.553

Last Modified

2024-11-21T05:50:56.047

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-840
Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	haxx	curl	< 7.78.0	Yes
Application	netapp	active_iq_unified_manager	-	Yes
Application	netapp	active_iq_unified_manager	-	Yes
Application	netapp	clustered_data_ontap	-	Yes
Application	netapp	hci_management_node	-	Yes
Application	netapp	oncommand_insight	-	Yes
Application	netapp	oncommand_workflow_automation	-	Yes
Application	netapp	snapcenter	-	Yes
Application	netapp	solidfire	-	Yes
Application	oracle	mysql_server	≤ 5.7.35	Yes
Application	oracle	mysql_server	≤ 8.0.26	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.57	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.58	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.59	Yes
Application	siemens	sinec_infrastructure_network_services	< 1.0.1.1	Yes
Operating System	netapp	h300s_firmware	-	Yes
Hardware	netapp	h300s	-	No
Operating System	netapp	h300e_firmware	-	Yes
Hardware	netapp	h300e	-	No
Operating System	netapp	h500e_firmware	-	Yes
Hardware	netapp	h500e	-	No
Operating System	netapp	h500s_firmware	-	Yes
Hardware	netapp	h500s	-	No
Operating System	netapp	h700s_firmware	-	Yes
Hardware	netapp	h700s	-	No
Operating System	netapp	h700e_firmware	-	Yes
Hardware	netapp	h700e	-	No
Operating System	netapp	h410s_firmware	-	Yes
Hardware	netapp	h410s	-	No
Application	splunk	universal_forwarder	< 8.2.12	Yes
Application	splunk	universal_forwarder	< 9.0.6	Yes
Application	splunk	universal_forwarder	9.1.0	Yes

References

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch, Third Party Advisory ([email protected])
https://hackerone.com/reports/1234760 Exploit, Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E Mailing List, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202212-01 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20210902-0003/ Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20211022-0003/ Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1234760 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202212-01 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210902-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20211022-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)