ID CVE-2005-0490
Summary Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
References
Vulnerable Configurations
  • cpe:2.3:a:curl:curl:7.12.1
  • cpe:2.3:a:libcurl:libcurl:7.12.1
CVSS
Base: 5.1 (as of 07-06-2005 - 15:16)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-340.NASL
    description Updated curl packages are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Multiple buffer overflow bugs were found in the way curl processes base64 encoded replies. If a victim can be tricked into visiting a URL with curl, a malicious web server could execute arbitrary code on a victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0490 to this issue. All users of curl are advised to upgrade to these updated packages, which contain backported fixes for these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21805
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21805
    title CentOS 3 / 4 : curl (CESA-2005:340)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL4447.NASL
    description Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 78203
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78203
    title F5 Networks BIG-IP : cURL buffer overflow vulnerability (SOL4447)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2005_011.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2005:011 (curl). infamous41md@hotpop.com reported a vulnerability in libcurl, the HTTP/FTP retrieval library. This library is used by lots of programs, including YaST2 and PHP4. The NTLM authorization in curl had a buffer overflow in the base64 decoding which allows a remote attacker using a prepared remote server to execute code for the user using curl. The Kerberos authorization has a similar bug, but is not compiled in on SUSE Linux. This is tracked by the Mitre CVE ID CVE-2005-0490.
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 17238
    published 2005-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17238
    title SUSE-SA:2005:011: curl
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-048.NASL
    description 'infamous41md' discovered a buffer overflow vulnerability in libcurl's NTLM authorization base64 decoding. This could allow a remote attacker using a prepared remote server to execute arbitrary code as the user running curl. The updated packages are patched to deal with these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 17277
    published 2005-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17277
    title Mandrake Linux Security Advisory : curl (MDKSA-2005:048)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200503-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-200503-20 (curl: NTLM response buffer overflow) curl fails to properly check boundaries when handling NTLM authentication. Impact : With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading to the execution of arbitrary code with the permissions of the user running curl. Workaround : Disable NTLM authentication by not using the --anyauth or --ntlm options.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 17345
    published 2005-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17345
    title GLSA-200503-20 : curl: NTLM response buffer overflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-86-1.NASL
    description infamous41md discovered a buffer overflow in cURL's NT LAN Manager (NTLM) authentication handling. By sending a specially crafted long NTLM reply packet, a remote attacker could overflow the reply buffer. This could lead to execution of arbitrary attacker specified code with the privileges of the application using the cURL library. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-25
    plugin id 20711
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20711
    title Ubuntu 4.10 : curl vulnerability (USN-86-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-340.NASL
    description Updated curl packages are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Multiple buffer overflow bugs were found in the way curl processes base64 encoded replies. If a victim can be tricked into visiting a URL with curl, a malicious web server could execute arbitrary code on a victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0490 to this issue. All users of curl are advised to upgrade to these updated packages, which contain backported fixes for these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17979
    published 2005-04-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17979
    title RHEL 2.1 / 3 / 4 : curl (RHSA-2005:340)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_96DF5FD0890011D9AA180001020EED82.NASL
    description Two iDEFENSE Security Advisories reports : An exploitable stack-based buffer overflow condition exists when using NT Lan Manager (NTLM) authentication. The problem specifically exists within Curl_input_ntlm() defined in lib/http_ntlm.c. Successful exploitation allows remote attackers to execute arbitrary code under the privileges of the target user. Exploitation requires that an attacker either coerce or force a target to connect to a malicious server using NTLM authentication. An exploitable stack-based buffer overflow condition exists when using Kerberos authentication. The problem specifically exists within the functions Curl_krb_kauth() and krb4_auth() defined in lib/krb4.c. Successful exploitation allows remote attackers to execute arbitrary code under the privileges of the target user. Exploitation requires that an attacker either coerce or force a target to connect to a malicious server using Kerberos authentication.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 19038
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19038
    title FreeBSD : curl -- authentication buffer overflow vulnerability (96df5fd0-8900-11d9-aa18-0001020eed82)
oval via4
accepted 2013-04-29T04:04:13.466-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
family unix
id oval:org.mitre.oval:def:10273
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
version 23
redhat via4
advisories
rhsa
id RHSA-2005:340
refmap via4
bid
  • 12615
  • 12616
conectiva CLA-2005:940
fulldisc 20050228 [USN-86-1] cURL vulnerability
gentoo GLSA-200503-20
idefense
  • 20050221 Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow Vulnerability
  • 20050221 Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability
mandrake MDKSA-2005:048
suse SUSE-SA:2005:011
xf curl-kerberos-bo(19423)
Last major update 17-10-2016 - 23:11
Published 02-05-2005 - 00:00
Last modified 10-10-2017 - 21:29