Details of VAR-E-200502-0248

ID

VAR-E-200502-0248

CVE

cve_id:

CVE-2005-0490

Trust: 0.6

sources: BID: 12616 // BID: 12615

TITLE

cURL / libcURL Kerberos Authentication Buffer Overflow Vulnerability

Trust: 0.6

sources: BID: 12616 // BID: 12615

DESCRIPTION

It has been reported that cURL and libcURL are vulnerable to a remotely exploitable stack-based buffer overflow vulnerability. The cURL and libcURL Kerberos authentication code fails to ensure that a buffer overflow cannot occur when server response data is decoded.
The overflow occurs in the stack region, and remote code execution is possible if the saved instruction pointer is overwritten with a pointer to embedded instructions.

Trust: 0.6

sources: BID: 12616 // BID: 12615

AFFECTED PRODUCTS

vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.13	Trust: 0.9
vendor:	sgi	model:	propack	scope:	eq	version:	3.0	Trust: 0.6
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	10.1	Trust: 0.6
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	10.1	Trust: 0.6
vendor:	mandriva	model:	linux mandrake amd64	scope:	eq	version:	10.0	Trust: 0.6
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	10.0	Trust: 0.6
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	3.0	Trust: 0.6
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	3.0	Trust: 0.6
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.6.2	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.6	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.5.12	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.5.11	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.5.10	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.5.9	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.5.6	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.5	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.4	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.3	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.2	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	eq	version:	4.0	Trust: 0.6
vendor:	f5	model:	3-dns	scope:	eq	version:	4.6.2	Trust: 0.6
vendor:	f5	model:	3-dns	scope:	eq	version:	4.6	Trust: 0.6
vendor:	f5	model:	3-dns	scope:	eq	version:	4.5.12	Trust: 0.6
vendor:	f5	model:	3-dns	scope:	eq	version:	4.5.11	Trust: 0.6
vendor:	f5	model:	3-dns	scope:	eq	version:	4.5	Trust: 0.6
vendor:	f5	model:	3-dns	scope:	eq	version:	4.4	Trust: 0.6
vendor:	f5	model:	3-dns	scope:	eq	version:	4.3	Trust: 0.6
vendor:	f5	model:	3-dns	scope:	eq	version:	4.2	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.12.3	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.12.2	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.12.1	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.12	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.11.2	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.11.1	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.11	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.10.8	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.10.7	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.10.6	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.10.5	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.10.4	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.10.3	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.10.1	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.4.1	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.4	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.3	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.2.1	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.2	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.1.1	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.1	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	6.5.2	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	6.5.1	Trust: 0.6
vendor:	alt	model:	linux alt linux junior	scope:	eq	version:	2.3	Trust: 0.6
vendor:	alt	model:	linux alt linux compact	scope:	eq	version:	2.3	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	ne	version:	4.6.3	Trust: 0.6
vendor:	f5	model:	big-ip	scope:	ne	version:	4.5.13	Trust: 0.6
vendor:	f5	model:	3-dns	scope:	ne	version:	4.6.3	Trust: 0.6
vendor:	f5	model:	3-dns	scope:	ne	version:	4.5.13	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	ne	version:	7.13.1	Trust: 0.6
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.10.2	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.10	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.9.8	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.9.7	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.9.6	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.9.5	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.9.4	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.9.3	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.9.2	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.9.1	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.9	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.8.1	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.8	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.7.3	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.7.2	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.7.1	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.7	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.6.1	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.6	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.5.2	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.5.1	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.5	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.4.2	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	6.5	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	6.4	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	6.3	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	6.2	Trust: 0.3
vendor:	daniel	model:	stenberg curl beta	scope:	eq	version:	6.1	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	6.1	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	6.0	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	9	Trust: 0.3
vendor:	suse	model:	linux desktop	scope:	eq	version:	1.0	Trust: 0.3
vendor:	suse	model:	linux	scope:	eq	version:	8.1	Trust: 0.3
vendor:	suse	model:	linux i386	scope:	eq	version:	8.0	Trust: 0.3
vendor:	suse	model:	linux	scope:	eq	version:	8.0	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.2	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.2	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.1	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.1	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	8.2	Trust: 0.3
vendor:	daniel	model:	stenberg curl	scope:	eq	version:	7.8.2	Trust: 0.3

sources: BID: 12616 // BID: 12615

EXPLOIT

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

Trust: 0.6

sources: BID: 12616 // BID: 12615

PRICE

Free

Trust: 0.6

sources: BID: 12616 // BID: 12615

TYPE

Boundary Condition Error

Trust: 0.6

sources: BID: 12616 // BID: 12615

CREDITS

Credited to infamous41md[at]hotpop.com.

Trust: 0.6

sources: BID: 12616 // BID: 12615

EXTERNAL IDS

db:	NVD	id:	CVE-2005-0490	Trust: 0.6
db:	BID	id:	12616	Trust: 0.3
db:	BID	id:	12615	Trust: 0.3

sources: BID: 12616 // BID: 12615

REFERENCES

url:	http://curl.haxx.se/	Trust: 0.6
url:	http://www.f5.com/	Trust: 0.6
url:	http://lists.altlinux.ru/pipermail/security-announce/2005-march/000287.html	Trust: 0.6
url:	http://curl.haxx.se/changes.html	Trust: 0.6
url:	http://rhn.redhat.com/errata/rhsa-2005-340.html	Trust: 0.6
url:	http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities&id=202	Trust: 0.3

sources: BID: 12616 // BID: 12615

SOURCES

db:	BID	id:	12616
db:	BID	id:	12615

LAST UPDATE DATE

2022-07-27T09:36:58.101000+00:00

SOURCES UPDATE DATE

db:	BID	id:	12616	date:	2006-08-24T17:54:00
db:	BID	id:	12615	date:	2006-08-24T17:54:00

SOURCES RELEASE DATE

db:	BID	id:	12616	date:	2005-02-22T00:00:00
db:	BID	id:	12615	date:	2005-02-22T00:00:00