Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3185
Last Modified 07 Mar 2011 12:00:00
Published 13 Oct 2005 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3185

Summary

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.

Vulnerable Systems

Application

  • Curl 7.13.2

  • Libcurl 7.13.2

  • Wget 1.10


References

IDEFENSE - 20051013 Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability

XF - wget-curl-ntlm-username-bo(22721)

VUPEN - ADV-2005-2659

VUPEN - ADV-2005-2125

VUPEN - ADV-2005-2088

UBUNTU - USN-205-1

BID - 15647

BID - 15102

REDHAT - RHSA-2005:812

REDHAT - RHSA-2005:807

FEDORA - FEDORA-2005-1000

FEDORA - FEDORA-2005-1129

OSVDB - 20011

SUSE - SUSE-SA:2005:063

MANDRIVA - MDKSA-2005:182

GENTOO - GLSA-200510-19

DEBIAN - DSA-919

SLACKWARE - SSA:2005-310-01

SECTRACK - 1015057

SECTRACK - 1015056

SREASON - 82

SECUNIA - 19193

SECUNIA - 17965

SECUNIA - 17813

SECUNIA - 17485

SECUNIA - 17403

SECUNIA - 17400

SECUNIA - 17320

SECUNIA - 17297

SECUNIA - 17247

SECUNIA - 17228

SECUNIA - 17208

SECUNIA - 17203

SECUNIA - 17193

SECUNIA - 17192

TRUSTIX - TSLSA-2005-0059

APPLE - APPLE-SA-2005-11-29

SCO - SCOSA-2006.10

Related Patches

Apple 2005-11-29 Security Update 2005-009 v 1.0 (Mac OS X 10.4.3 Server)

Apple 2006-03-01 Security Update 2006-001 Mac OS X 10.4.5 (PPC)


Last Updated: 27 May 2016 10:40:50