blob: a102d105d8aac6e89b4866b229c0527dbe1f73c8 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200510-19">
<title>cURL: NTLM username stack overflow</title>
cURL is vulnerable to a buffer overflow which could lead to the execution
of arbitrary code.
<product type="ebuild">cURL</product>
<announced>October 22, 2005</announced>
<revised>October 22, 2005: 01</revised>
<package name="net-misc/curl" auto="yes" arch="*">
<unaffected range="ge">7.15.0</unaffected>
<vulnerable range="lt">7.15.0</vulnerable>
cURL is a command line tool and library for transferring files via
many different protocols. It supports NTLM authentication to retrieve
files from Windows-based systems.
iDEFENSE reported that insufficient bounds checking on a memcpy()
of the supplied NTLM username can result in a stack overflow.
<impact type="normal">
A remote attacker could setup a malicious server and entice an
user to connect to it using a cURL client, potentially leading to the
execution of arbitrary code with the permissions of the user running
Disable NTLM authentication by not using the --anyauth or --ntlm
options when using cURL (the command line version). Workarounds for
programs that use the cURL library depend on the configuration options
presented by those programs.
All cURL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-misc/curl-7.15.0&quot;</code>
<uri link="">CVE-2005-3185</uri>
<uri link=";type=vulnerabilities">iDefense Security Advisory 10.13.05</uri>
<metadata tag="submitter" timestamp="Fri, 21 Oct 2005 09:04:01 +0000">
<metadata tag="bugReady" timestamp="Fri, 21 Oct 2005 09:04:50 +0000">