Vulnerability Name: CVE-2005-0490 (CCN-19421)
Assigned: 2005-02-21
Published: 2005-02-21
Updated: 2017-10-11
Summary: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
CVSS v3 Severity:
  5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low
CVSS v2 Severity:
  5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial
  5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: CCN; Type: cURL Web page; cURL and libcurl
  Source: MITRE; Type: CNA; CVE-2005-0490
  Source: CONECTIVA; Type: Patch, Vendor Advisory; CLA-2005:940
  Source: FULLDISC; Type: UNKNOWN; 20050228 [USN-86-1] cURL vulnerability
  Source: CCN; Type: RHSA-2005-340; curl security update
  Source: CCN; Type: CIAC INFORMATION BULLETIN P-167; cURL Security Update
  Source: CCN; Type: GLSA-200503-20; curl: NTLM response buffer overflow
  Source: GENTOO; Type: Patch, Vendor Advisory; GLSA-200503-20
  Source: IDEFENSE; Type: Vendor Advisory; 20050221 Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability
  Source: CCN; Type: iDEFENSE Security Advisory 02.21.05; Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow
  Source: IDEFENSE; Type: Vendor Advisory; 20050221 Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow Vulnerability
  Source: MANDRAKE; Type: UNKNOWN; MDKSA-2005:048
  Source: SUSE; Type: UNKNOWN; SUSE-SA:2005:011
  Source: REDHAT; Type: UNKNOWN; RHSA-2005:340
  Source: BID; Type: UNKNOWN; 12615
  Source: CCN; Type: BID-12615; cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability
  Source: BID; Type: UNKNOWN; 12616
  Source: CCN; Type: BID-12616; cURL / libcURL Kerberos Authentication Buffer Overflow Vulnerability
  Source: CCN; Type: TLSA-2005-42; Buffer overflow vulnerabilities exist in curl
  Source: CCN; Type: USN-86-1; cURL vulnerability
  Source: XF; Type: UNKNOWN; curl-ntlm-bo(19421)
  Source: XF; Type: UNKNOWN; curl-kerberos-bo(19423)
  Source: OVAL; Type: UNKNOWN; oval:org.mitre.oval:def:10273
  Source: SUSE; Type: SUSE-SA:2005:011; curl: buffer overflow in NTLM authentication
Vulnerable Configuration:
  Configuration 1:
    cpe:/a:curl:curl:7.12.1:*:*:*:*:*:*:*
    OR cpe:/a:libcurl:libcurl:7.12.1:*:*:*:*:*:*:*
  Configuration RedHat 1:
    cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
  Configuration CCN 1:
    cpe:/a:curl:curl:7.12.1:*:*:*:*:*:*:*
    AND
    cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
    OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
    OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
    OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
    OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
    OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
    OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
    OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
    OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
    OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
    OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
    OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:hosting:*:server:*:*:*
    OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:workgroup:*:server:*:*:*
    OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*

Vulnerability Name: CVE-2005-0490 (CCN-19423)
Assigned: 2005-02-21
Published: 2005-02-21
Updated: 2017-10-11
Summary: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
CVSS v3 Severity:
  7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low
CVSS v2 Severity:
  5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial
  7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: CCN; Type: cURL Web page; cURL and libcurl
  Source: MITRE; Type: CNA; CVE-2005-0490
  Source: CCN; Type: RHSA-2005-340; curl security update
  Source: CCN; Type: CIAC INFORMATION BULLETIN P-167; cURL Security Update
  Source: CCN; Type: GLSA-200503-20; curl: NTLM response buffer overflow
  Source: CCN; Type: iDEFENSE Security Advisory 02.21.05; Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow
  Source: CCN; Type: BID-12615; cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability
  Source: CCN; Type: BID-12616; cURL / libcURL Kerberos Authentication Buffer Overflow Vulnerability
  Source: CCN; Type: TLSA-2005-42; Buffer overflow vulnerabilities exist in curl
  Source: CCN; Type: USN-86-1; cURL vulnerability
  Source: XF; Type: UNKNOWN; curl-kerberos-bo(19423)
  Source: SUSE; Type: SUSE-SA:2005:011; curl: buffer overflow in NTLM authentication
Vulnerable Configuration:
  Configuration RedHat 1:
    cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Oval Definitions:
  Definition ID: oval:org.mitre.oval:def:10273
  Class: V
  Title: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
  Last Modified: 2013-04-29

  Definition ID: oval:com.redhat.rhsa:def:20050340
  Class: P
  Title: RHSA-2005:340: curl security update (Low)
  Last Modified: 2005-04-05
curl curl 7.12.1
libcurl libcurl 7.12.1
curl curl 7.12.1
gentoo linux *
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
mandrakesoft mandrake linux 10.0
suse suse linux 9.1
redhat enterprise linux 3
suse suse linux 9.2
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
redhat linux advanced workstation 2.1
suse linux enterprise server 9
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
turbolinux turbolinux home *
turbolinux turbolinux appliance server 1.0_hosting_edition
turbolinux turbolinux appliance server 1.0_workgroup_edition
mandrakesoft mandrake linux 10.0