ID

VAR-200505-0198


CVE

CVE-2005-0490


TITLE

cURL/libcURL buffer overflow vulnerability in Kerberos authentication and NTLM authentication

Trust: 0.8

sources: JVNDB: JVNDB-2005-000134

DESCRIPTION

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64-encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

cURL/libcURL 7.13.0 Previously, Kerberos Authentication and NTLM from the site performing the authentication.

It has been reported that cURL and libcURL are vulnerable to a remotely exploitable stack-based buffer overflow vulnerability. The cURL and libcURL NTLM response processing code fails to ensure that a buffer overflow cannot occur when response data is decoded. The overflow occurs in the stack region, and remote code execution is possible if the saved instruction pointer is overwritten with a pointer to embedded instructions.

Background
==========

curl is a command line tool for transferring files via many different protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-misc/curl      < 7.13.1                             >= 7.13.1

Description
===========

curl fails to properly check boundaries when handling NTLM authentication.

Impact
======

With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading to the execution of arbitrary code with the permissions of the user running curl.

Workaround
==========

Disable NTLM authentication by not using the --anyauth or --ntlm options.

Resolution
==========

All curl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.13.1"

References
==========

  [ 1 ] CAN-2005-0490
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Trust: 2.25

sources: NVD: CVE-2005-0490 // JVNDB: JVNDB-2005-000134 // BID: 12616 // BID: 12615 // PACKETSTORM: 36663

AFFECTED PRODUCTS

vendor: haxx | model: libcurl | scope: eq | version: 7.12.1

Trust: 1.0

vendor: haxx | model: curl | scope: eq | version: 7.12.1

Trust: 1.0

vendor: Red Hat | model: red hat enterprise linux | scope: eq | version: 3 (ws)

Trust: 0.8

vendor: Red Hat | model: red hat enterprise linux | scope: eq | version: 4 (as)

Trust: 0.8

vendor: Red Hat | model: red hat enterprise linux | scope: eq | version: 4 (es)

Trust: 0.8

vendor: Cybertrust Japan Co., Ltd. | model: asianux server | scope: - | version: -

Trust: 0.8

vendor: Red Hat | model: red hat enterprise linux | scope: eq | version: 3 (es)

Trust: 0.8

vendor: Red Hat | model: red hat enterprise linux | scope: eq | version: 4 (ws)

Trust: 0.8

vendor: Red Hat | model: red hat enterprise linux | scope: eq | version: 2.1 (ws)

Trust: 0.8

vendor: Red Hat | model: red hat enterprise linux | scope: eq | version: 3 (as)

Trust: 0.8

vendor: Turbolinux | model: turbolinux server | scope: - | version: -

Trust: 0.8

vendor: Red Hat | model: red hat enterprise linux | scope: eq | version: 2.1 (es)

Trust: 0.8

vendor: Red Hat | model: red hat enterprise linux | scope: eq | version: 2.1 (as)

Trust: 0.8

vendor: daniel | model: stenberg curl | scope: eq | version: 7.4.1

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.2

Trust: 0.6

vendor: alt | model: linux alt linux junior | scope: eq | version: 2.3

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.10.1

Trust: 0.6

vendor: mandriva | model: linux mandrake | scope: eq | version: 10.1

Trust: 0.6

vendor: f5 | model: 3-dns | scope: eq | version: 4.6

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.5

Trust: 0.6

vendor: mandriva | model: linux mandrake amd64 | scope: eq | version: 10.0

Trust: 0.6

vendor: f5 | model: big-ip | scope: ne | version: 4.5.13

Trust: 0.6

vendor: f5 | model: 3-dns | scope: eq | version: 4.3

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.13

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.10.3

Trust: 0.6

vendor: f5 | model: 3-dns | scope: eq | version: 4.5.12

Trust: 0.6

vendor: f5 | model: 3-dns | scope: eq | version: 4.5

Trust: 0.6

vendor: f5 | model: big-ip | scope: ne | version: 4.6.3

Trust: 0.6

vendor: f5 | model: 3-dns | scope: eq | version: 4.2

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.4

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.11.2

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 6.5.1

Trust: 0.6

vendor: f5 | model: 3-dns | scope: ne | version: 4.5.13

Trust: 0.6

vendor: f5 | model: 3-dns | scope: eq | version: 4.4

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.4

Trust: 0.6

vendor: f5 | model: 3-dns | scope: ne | version: 4.6.3

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 6.5.2

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.12.3

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.12.1

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.5.11

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.6.2

Trust: 0.6

vendor: sgi | model: propack | scope: eq | version: 3.0

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.2.1

Trust: 0.6

vendor: mandrakesoft | model: corporate server x86 64 | scope: eq | version: 3.0

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.12.2

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.10.7

Trust: 0.6

vendor: gentoo | model: linux | scope: - | version: -

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.10.6

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.12

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: ne | version: 7.13.1

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.10.5

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.11

Trust: 0.6

vendor: mandriva | model: linux mandrake x86 64 | scope: eq | version: 10.1

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.0

Trust: 0.6

vendor: f5 | model: 3-dns | scope: eq | version: 4.5.11

Trust: 0.6

vendor: f5 | model: 3-dns | scope: eq | version: 4.6.2

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.6

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.5.9

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.11.1

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.3

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.3

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.5.12

Trust: 0.6

vendor: mandrakesoft | model: corporate server | scope: eq | version: 3.0

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.5.6

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.2

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.10.8

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.10.4

Trust: 0.6

vendor: alt | model: linux alt linux compact | scope: eq | version: 2.3

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.1.1

Trust: 0.6

vendor: mandriva | model: linux mandrake | scope: eq | version: 10.0

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.1

Trust: 0.6

vendor: f5 | model: big-ip | scope: eq | version: 4.5.10

Trust: 0.6

vendor: libcurl | model: libcurl | scope: eq | version: 7.12.1

Trust: 0.6

vendor: daniel | model: stenberg curl | scope: eq | version: 7.5.2

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.10

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.10.2

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.5

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.7

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 6.2

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 6.5

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.9.4

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.5.1

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 6.1

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.6

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.7.2

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.7.3

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.9.2

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.9

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 6.0

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.8

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.4.2

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.9.1

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 6.4

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.9.3

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 6.3

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.9.8

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.9.6

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.9.7

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.8.1

Trust: 0.3

vendor: daniel | model: stenberg curl beta | scope: eq | version: 6.1

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.9.5

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.7.1

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.6.1

Trust: 0.3

vendor: suse | model: linux enterprise server | scope: eq | version: 9

Trust: 0.3

vendor: suse | model: linux desktop | scope: eq | version: 1.0

Trust: 0.3

vendor: suse | model: linux | scope: eq | version: 8.1

Trust: 0.3

vendor: suse | model: linux i386 | scope: eq | version: 8.0

Trust: 0.3

vendor: suse | model: linux | scope: eq | version: 8.0

Trust: 0.3

vendor: s u s e | model: linux personal x86 64 | scope: eq | version: 9.2

Trust: 0.3

vendor: s u s e | model: linux personal | scope: eq | version: 9.2

Trust: 0.3

vendor: s u s e | model: linux personal x86 64 | scope: eq | version: 9.1

Trust: 0.3

vendor: s u s e | model: linux personal | scope: eq | version: 9.1

Trust: 0.3

vendor: s u s e | model: linux personal x86 64 | scope: eq | version: 9.0

Trust: 0.3

vendor: s u s e | model: linux personal | scope: eq | version: 9.0

Trust: 0.3

vendor: s u s e | model: linux personal | scope: eq | version: 8.2

Trust: 0.3

vendor: daniel | model: stenberg curl | scope: eq | version: 7.8.2

Trust: 0.3

sources: BID: 12616 // BID: 12615 // JVNDB: JVNDB-2005-000134 // CNNVD: CNNVD-200505-184 // NVD: CVE-2005-0490

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2005-0490
value: HIGH

Trust: 1.8

CNNVD: CNNVD-200505-184
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: TRUE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2005-0490
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2005-0490
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2005-000134 // CNNVD: CNNVD-200505-184 // NVD: CVE-2005-0490

PROBLEMTYPE DATA

problemtype:CWE-131

Trust: 1.0

problemtype: Miscalculation of buffer size (CWE-131) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2005-000134 // NVD: CVE-2005-0490

THREAT TYPE

network

Trust: 0.6

sources: BID: 12616 // BID: 12615

TYPE

Boundary Condition Error

Trust: 0.6

sources: BID: 12616 // BID: 12615

CONFIGURATIONS

sources: NVD: CVE-2005-0490

PATCH

title: RHSA-2005 | url: http://www.miraclelinux.com/support/update/list.php?errata_id=185

Trust: 0.8

sources: JVNDB: JVNDB-2005-000134

EXTERNAL IDS

db: NVD | id: CVE-2005-0490

Trust: 3.9

db: BID | id: 12616

Trust: 2.7

db: BID | id: 12615

Trust: 2.7

db: SECUNIA | id: 14364

Trust: 0.8

db: JVNDB | id: JVNDB-2005-000134

Trust: 0.8

db: GENTOO | id: GLSA-200503-20

Trust: 0.6

db: MANDRAKE | id: MDKSA-2005:048

Trust: 0.6

db: REDHAT | id: RHSA-2005:340

Trust: 0.6

db: IDEFENSE | id: 20050221 MULTIPLE UNIX/LINUX VENDOR CURL/LIBCURL NTLM AUTHENTICATION BUFFER OVERFLOW VULNERABILITY

Trust: 0.6

db: IDEFENSE | id: 20050221 MULTIPLE UNIX/LINUX VENDOR CURL/LIBCURL KERBEROS AUTHENTICATION BUFFER OVERFLOW VULNERABILITY

Trust: 0.6

db: SUSE | id: SUSE-SA:2005:011

Trust: 0.6

db: CONECTIVA | id: CLA-2005:940

Trust: 0.6

db: XF | id: 19423

Trust: 0.6

db: FULLDISC | id: 20050228 [USN-86-1] CURL VULNERABILITY

Trust: 0.6

db: CNNVD | id: CNNVD-200505-184

Trust: 0.6

db: PACKETSTORM | id: 36663

Trust: 0.1

sources: BID: 12616 // BID: 12615 // JVNDB: JVNDB-2005-000134 // PACKETSTORM: 36663 // CNNVD: CNNVD-200505-184 // NVD: CVE-2005-0490

REFERENCES

url:http://www.securityfocus.com/bid/12616

Trust: 2.4

url:http://www.securityfocus.com/bid/12615

Trust: 2.4

url:http://www.gentoo.org/security/en/glsa/glsa-200503-20.xml

Trust: 1.6

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940

Trust: 1.6

url:http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities

Trust: 1.6

url:http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities

Trust: 1.6

url:http://www.redhat.com/support/errata/rhsa-2005-340.html

Trust: 1.6

url:http://www.novell.com/linux/security/advisories/2005_11_curl.html

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdksa-2005:048

Trust: 1.6

url:http://marc.info/?l=full-disclosure&m=110959085507755&w=2

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19423

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10273

Trust: 1.0

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-0490

Trust: 0.8

url:http://secunia.com/advisories/14364/

Trust: 0.8

url:http://lists.altlinux.ru/pipermail/security-announce/2005-march/000287.html

Trust: 0.6

url:http://curl.haxx.se/

Trust: 0.6

url:http://curl.haxx.se/changes.html

Trust: 0.6

url:http://www.f5.com/

Trust: 0.6

url:http://rhn.redhat.com/errata/rhsa-2005-340.html

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=full-disclosure&m=110959085507755&w=2

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/19423

Trust: 0.6

url:/archive/1/391041

Trust: 0.3

url:http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities&id=202

Trust: 0.3

url:http://bugs.gentoo.org.

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-0490

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-0490

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-200503-20.xml

Trust: 0.1

sources: BID: 12616 // BID: 12615 // JVNDB: JVNDB-2005-000134 // PACKETSTORM: 36663 // CNNVD: CNNVD-200505-184 // NVD: CVE-2005-0490

CREDITS

Credited to infamous41md[at]hotpop.com.

Trust: 0.6

sources: BID: 12616 // BID: 12615

SOURCES

db: BID | id: 12616
db: BID | id: 12615
db: JVNDB | id: JVNDB-2005-000134
db: PACKETSTORM | id: 36663
db: CNNVD | id: CNNVD-200505-184
db: NVD | id: CVE-2005-0490

LAST UPDATE DATE

2024-02-27T22:53:51.996000+00:00


SOURCES UPDATE DATE

db: BID | id: 12616 | date: 2006-08-24T17:54:00
db: BID | id: 12615 | date: 2006-08-24T17:54:00
db: JVNDB | id: JVNDB-2005-000134 | date: 2024-02-27T05:23:00
db: CNNVD | id: CNNVD-200505-184 | date: 2005-10-20T00:00:00
db: NVD | id: CVE-2005-0490 | date: 2024-02-02T03:05:29.487

SOURCES RELEASE DATE

db: BID | id: 12616 | date: 2005-02-22T00:00:00
db: BID | id: 12615 | date: 2005-02-22T00:00:00
db: JVNDB | id: JVNDB-2005-000134 | date: 2007-04-01T00:00:00
db: PACKETSTORM | id: 36663 | date: 2005-03-22T05:24:05
db: CNNVD | id: CNNVD-200505-184 | date: 2005-02-22T00:00:00
db: NVD | id: CVE-2005-0490 | date: 2005-05-02T04:00:00