FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

curl -- authentication buffer overflow vulnerability

Affected packages
curl < 7.13.1

Details

VuXML ID 96df5fd0-8900-11d9-aa18-0001020eed82
Discovery 2004-12-21
Entry 2005-02-27

Two iDEFENSE Security Advisories report:

An exploitable stack-based buffer overflow condition exists when using NT Lan Manager (NTLM) authentication. The problem specifically exists within Curl_input_ntlm() defined in lib/http_ntlm.c.

Successful exploitation allows remote attackers to execute arbitrary code under the privileges of the target user. Exploitation requires that an attacker either coerce or force a target to connect to a malicious server using NTLM authentication.

An exploitable stack-based buffer overflow condition exists when using Kerberos authentication. The problem specifically exists within the functions Curl_krb_kauth() and krb4_auth() defined in lib/krb4.c.

Successful exploitation allows remote attackers to execute arbitrary code under the privileges of the target user. Exploitation requires that an attacker either coerce or force a target to connect to a malicious server using Kerberos authentication.

References

Bugtraq ID 12615
Bugtraq ID 12616
CVE Name CVE-2005-0490
Message FB24803D1DF2A34FA59FC157B77C970503E2462E@idserv04.idef.com
Message FB24803D1DF2A34FA59FC157B77C970503E2462D@idserv04.idef.com