Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0490

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-0490
Last Modified 21 Aug 2010 12:26:13
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-0490

Summary

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

Vulnerable Systems

Application

  • Curl 7.12.1

  • Libcurl 7.12.1


References

GENTOO - GLSA-200503-20

FULLDISC - 20050228 [USN-86-1] cURL vulnerability

CONECTIVA - CLA-2005:940

XF - curl-kerberos-bo(19423)

IDEFENSE - 20050221 Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow Vulnerability

IDEFENSE - 20050221 Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability

BID - 12616

BID - 12615

REDHAT - RHSA-2005:340

SUSE - SUSE-SA:2005:011

MANDRAKE - MDKSA-2005:048


Last Updated: 27 May 2016 10:39:50