ID

VAR-200505-0198


CVE

CVE-2005-0490


TITLE

cURL/libcURL  of  Kerberos  Authentication and  NTLM  Buffer overflow vulnerability in authentication

Trust: 0.8

sources: JVNDB: JVNDB-2005-000134

DESCRIPTION

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. cURL/libcURL 7.13.0 Previously, Kerberos Authentication and NTLM from the site performing the authentication. It has been reported that cURL and libcURL are vulnerable to a remotely exploitable stack-based buffer overflow vulnerability. The cURL and libcURL NTML response processing code fails to ensure that a buffer overflow cannot occur when response data is decoded. The overflow occurs in the stack region, and remote code execution is possible if the saved instruction pointer is overwritten with a pointer to embedded instructions. Background ========== curl is a command line tool for transferring files via many different protocols. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.13.1 >= 7.13.1 Description =========== curl fails to properly check boundaries when handling NTLM authentication. Impact ====== With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading to the execution of arbitrary code with the permissions of the user running curl. Workaround ========== Disable NTLM authentication by not using the --anyauth or --ntlm options. Resolution ========== All curl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.13.1" References ========== [ 1 ] CAN-2005-0490 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200503-20.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0

Trust: 2.25

sources: NVD: CVE-2005-0490 // JVNDB: JVNDB-2005-000134 // BID: 12616 // BID: 12615 // PACKETSTORM: 36663

AFFECTED PRODUCTS

vendor:haxxmodel:curlscope:eqversion:7.12.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.12.1

Trust: 1.0

vendor:レッドハットmodel:red hat enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:サイバートラスト株式会社model:asianux serverscope: - version: -

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope:eqversion:2.1 (ws)

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:ターボリナックスmodel:turbolinux serverscope: - version: -

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope:eqversion:2.1 (es)

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope:eqversion:2.1 (as)

Trust: 0.8

vendor:danielmodel:stenberg curlscope:eqversion:7.4.1

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.2

Trust: 0.6

vendor:altmodel:linux alt linux juniorscope:eqversion:2.3

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.10.1

Trust: 0.6

vendor:mandrivamodel:linux mandrakescope:eqversion:10.1

Trust: 0.6

vendor:f5model:3-dnsscope:eqversion:4.6

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.5

Trust: 0.6

vendor:mandrivamodel:linux mandrake amd64scope:eqversion:10.0

Trust: 0.6

vendor:f5model:big-ipscope:neversion:4.5.13

Trust: 0.6

vendor:f5model:3-dnsscope:eqversion:4.3

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.13

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.10.3

Trust: 0.6

vendor:f5model:3-dnsscope:eqversion:4.5.12

Trust: 0.6

vendor:f5model:3-dnsscope:eqversion:4.5

Trust: 0.6

vendor:f5model:big-ipscope:neversion:4.6.3

Trust: 0.6

vendor:f5model:3-dnsscope:eqversion:4.2

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.4

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.11.2

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:6.5.1

Trust: 0.6

vendor:f5model:3-dnsscope:neversion:4.5.13

Trust: 0.6

vendor:f5model:3-dnsscope:eqversion:4.4

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.4

Trust: 0.6

vendor:f5model:3-dnsscope:neversion:4.6.3

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:6.5.2

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.12.3

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.12.1

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.5.11

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.6.2

Trust: 0.6

vendor:sgimodel:propackscope:eqversion:3.0

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.2.1

Trust: 0.6

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:3.0

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.12.2

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.10.7

Trust: 0.6

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.10.6

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.12

Trust: 0.6

vendor:danielmodel:stenberg curlscope:neversion:7.13.1

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.10.5

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.11

Trust: 0.6

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:10.1

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.0

Trust: 0.6

vendor:f5model:3-dnsscope:eqversion:4.5.11

Trust: 0.6

vendor:f5model:3-dnsscope:eqversion:4.6.2

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.6

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.5.9

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.11.1

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.3

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.3

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.5.12

Trust: 0.6

vendor:mandrakesoftmodel:corporate serverscope:eqversion:3.0

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.5.6

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.2

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.10.8

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.10.4

Trust: 0.6

vendor:altmodel:linux alt linux compactscope:eqversion:2.3

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.1.1

Trust: 0.6

vendor:mandrivamodel:linux mandrakescope:eqversion:10.0

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.1

Trust: 0.6

vendor:f5model:big-ipscope:eqversion:4.5.10

Trust: 0.6

vendor:libcurlmodel:libcurlscope:eqversion:7.12.1

Trust: 0.6

vendor:danielmodel:stenberg curlscope:eqversion:7.5.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.10

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.10.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.5

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.7

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:6.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:6.5

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.9.4

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.5.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:6.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.6

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.7.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.7.3

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.9.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.9

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:6.0

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.8

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.4.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.9.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:6.4

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.9.3

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:6.3

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.9.8

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.9.6

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.9.7

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.8.1

Trust: 0.3

vendor:danielmodel:stenberg curl betascope:eqversion:6.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.9.5

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.7.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.6.1

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 0.3

vendor:susemodel:linux desktopscope:eqversion:1.0

Trust: 0.3

vendor:susemodel:linuxscope:eqversion:8.1

Trust: 0.3

vendor:susemodel:linux i386scope:eqversion:8.0

Trust: 0.3

vendor:susemodel:linuxscope:eqversion:8.0

Trust: 0.3

vendor:s u s emodel:linux personal x86 64scope:eqversion:9.2

Trust: 0.3

vendor:s u s emodel:linux personalscope:eqversion:9.2

Trust: 0.3

vendor:s u s emodel:linux personal x86 64scope:eqversion:9.1

Trust: 0.3

vendor:s u s emodel:linux personalscope:eqversion:9.1

Trust: 0.3

vendor:s u s emodel:linux personal x86 64scope:eqversion:9.0

Trust: 0.3

vendor:s u s emodel:linux personalscope:eqversion:9.0

Trust: 0.3

vendor:s u s emodel:linux personalscope:eqversion:8.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.8.2

Trust: 0.3

sources: BID: 12616 // BID: 12615 // JVNDB: JVNDB-2005-000134 // CNNVD: CNNVD-200505-184 // NVD: CVE-2005-0490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0490
value: HIGH

Trust: 1.0

NVD: CVE-2005-0490
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200505-184
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2005-0490
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2005-0490
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2005-0490
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2005-000134 // CNNVD: CNNVD-200505-184 // NVD: CVE-2005-0490

PROBLEMTYPE DATA

problemtype:CWE-131

Trust: 1.0

problemtype:Miscalculation of buffer size (CWE-131) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2005-000134 // NVD: CVE-2005-0490

THREAT TYPE

network

Trust: 0.6

sources: BID: 12616 // BID: 12615

TYPE

Boundary Condition Error

Trust: 0.6

sources: BID: 12616 // BID: 12615

PATCH

title:RHSA-2005url:http://www.miraclelinux.com/support/update/list.php?errata_id=185

Trust: 0.8

sources: JVNDB: JVNDB-2005-000134

EXTERNAL IDS

db:NVDid:CVE-2005-0490

Trust: 3.9

db:BIDid:12616

Trust: 2.7

db:BIDid:12615

Trust: 2.7

db:SECUNIAid:14364

Trust: 0.8

db:JVNDBid:JVNDB-2005-000134

Trust: 0.8

db:GENTOOid:GLSA-200503-20

Trust: 0.6

db:MANDRAKEid:MDKSA-2005:048

Trust: 0.6

db:REDHATid:RHSA-2005:340

Trust: 0.6

db:IDEFENSEid:20050221 MULTIPLE UNIX/LINUX VENDOR CURL/LIBCURL NTLM AUTHENTICATION BUFFER OVERFLOW VULNERABILITY

Trust: 0.6

db:IDEFENSEid:20050221 MULTIPLE UNIX/LINUX VENDOR CURL/LIBCURL KERBEROS AUTHENTICATION BUFFER OVERFLOW VULNERABILITY

Trust: 0.6

db:SUSEid:SUSE-SA:2005:011

Trust: 0.6

db:CONECTIVAid:CLA-2005:940

Trust: 0.6

db:XFid:19423

Trust: 0.6

db:FULLDISCid:20050228 [USN-86-1] CURL VULNERABILITY

Trust: 0.6

db:CNNVDid:CNNVD-200505-184

Trust: 0.6

db:PACKETSTORMid:36663

Trust: 0.1

sources: BID: 12616 // BID: 12615 // JVNDB: JVNDB-2005-000134 // PACKETSTORM: 36663 // CNNVD: CNNVD-200505-184 // NVD: CVE-2005-0490

REFERENCES

url:http://www.securityfocus.com/bid/12616

Trust: 2.4

url:http://www.securityfocus.com/bid/12615

Trust: 2.4

url:http://www.gentoo.org/security/en/glsa/glsa-200503-20.xml

Trust: 1.6

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940

Trust: 1.6

url:http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities

Trust: 1.6

url:http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities

Trust: 1.6

url:http://www.redhat.com/support/errata/rhsa-2005-340.html

Trust: 1.6

url:http://www.novell.com/linux/security/advisories/2005_11_curl.html

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdksa-2005:048

Trust: 1.6

url:http://marc.info/?l=full-disclosure&m=110959085507755&w=2

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19423

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10273

Trust: 1.0

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-0490

Trust: 0.8

url:http://secunia.com/advisories/14364/

Trust: 0.8

url:http://lists.altlinux.ru/pipermail/security-announce/2005-march/000287.html

Trust: 0.6

url:http://curl.haxx.se/

Trust: 0.6

url:http://curl.haxx.se/changes.html

Trust: 0.6

url:http://www.f5.com/

Trust: 0.6

url:http://rhn.redhat.com/errata/rhsa-2005-340.html

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=full-disclosure&m=110959085507755&w=2

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/19423

Trust: 0.6

url:/archive/1/391041

Trust: 0.3

url:http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities&id=202

Trust: 0.3

url:http://bugs.gentoo.org.

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-0490

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-0490

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-200503-20.xml

Trust: 0.1

sources: BID: 12616 // BID: 12615 // JVNDB: JVNDB-2005-000134 // PACKETSTORM: 36663 // CNNVD: CNNVD-200505-184 // NVD: CVE-2005-0490

CREDITS

Credited to infamous41md[at]hotpop.com.

Trust: 0.6

sources: BID: 12616 // BID: 12615

SOURCES

db:BIDid:12616
db:BIDid:12615
db:JVNDBid:JVNDB-2005-000134
db:PACKETSTORMid:36663
db:CNNVDid:CNNVD-200505-184
db:NVDid:CVE-2005-0490

LAST UPDATE DATE

2024-08-14T14:35:49.547000+00:00


SOURCES UPDATE DATE

db:BIDid:12616date:2006-08-24T17:54:00
db:BIDid:12615date:2006-08-24T17:54:00
db:JVNDBid:JVNDB-2005-000134date:2024-02-27T05:23:00
db:CNNVDid:CNNVD-200505-184date:2005-10-20T00:00:00
db:NVDid:CVE-2005-0490date:2024-02-02T03:05:29.487

SOURCES RELEASE DATE

db:BIDid:12616date:2005-02-22T00:00:00
db:BIDid:12615date:2005-02-22T00:00:00
db:JVNDBid:JVNDB-2005-000134date:2007-04-01T00:00:00
db:PACKETSTORMid:36663date:2005-03-22T05:24:05
db:CNNVDid:CNNVD-200505-184date:2005-02-22T00:00:00
db:NVDid:CVE-2005-0490date:2005-05-02T04:00:00