var-200505-0198
Vulnerability from variot
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64-encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
cURL/libcURL 7.13.0 Previously, Kerberos Authentication and NTLM from the site performing the authentication.
It has been reported that cURL and libcURL are vulnerable to a remotely exploitable stack-based buffer overflow vulnerability. The cURL and libcURL NTLM response processing code fails to ensure that a buffer overflow cannot occur when response data is decoded. The overflow occurs in the stack region, and remote code execution is possible if the saved instruction pointer is overwritten with a pointer to embedded instructions.
Background
curl is a command line tool for transferring files via many different protocols.
Affected packages
-------------------------------------------------------------------
     Package        /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
  1  net-misc/curl      < 7.13.1         >= 7.13.1
Description
curl fails to properly check boundaries when handling NTLM authentication.
Impact
With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading to the execution of arbitrary code with the permissions of the user running curl.
Workaround
Disable NTLM authentication by not using the --anyauth or --ntlm options.
Resolution
All curl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.13.1"
References
[ 1 ] CAN-2005-0490 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200503-20.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0