Vulnerability Name: | CVE-2005-0490 (CCN-19421) |
Assigned: | 2005-02-21 |
Published: | 2005-02-21 |
Updated: | 2017-10-11 |
Summary: | Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. |
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: | Attack Vector (AV): Network, Attack Complexity (AC): High, Privileges Required (PR): None, User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low, Integrity (I): Low, Availability (A): Low |
|
CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: | Access Vector (AV): Network, Access Complexity (AC): High, Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial, Integrity (I): Partial, Availability (A): Partial |
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: | Access Vector (AV): Network, Access Complexity (AC): High, Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial, Integrity (I): Partial, Availability (A): Partial |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Gain Access |
References: | Source: CCN Type: cURL Web page cURL and libcurl
Source: MITRE Type: CNA CVE-2005-0490
Source: CONECTIVA Type: Patch, Vendor Advisory CLA-2005:940
Source: FULLDISC Type: UNKNOWN 20050228 [USN-86-1] cURL vulnerability
Source: CCN Type: RHSA-2005-340 curl security update
Source: CCN Type: CIAC INFORMATION BULLETIN P-167 cURL Security Update
Source: CCN Type: GLSA-200503-20 curl: NTLM response buffer overflow
Source: GENTOO Type: Patch, Vendor Advisory GLSA-200503-20
Source: IDEFENSE Type: Vendor Advisory 20050221 Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability
Source: CCN Type: iDEFENSE Security Advisory 02.21.05 Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow
Source: IDEFENSE Type: Vendor Advisory 20050221 Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow Vulnerability
Source: MANDRAKE Type: UNKNOWN MDKSA-2005:048
Source: SUSE Type: UNKNOWN SUSE-SA:2005:011
Source: REDHAT Type: UNKNOWN RHSA-2005:340
Source: BID Type: UNKNOWN 12615
Source: CCN Type: BID-12615 cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability
Source: BID Type: UNKNOWN 12616
Source: CCN Type: BID-12616 cURL / libcURL Kerberos Authentication Buffer Overflow Vulnerability
Source: CCN Type: TLSA-2005-42 Buffer overflow vulnerabilities exist in curl
Source: CCN Type: USN-86-1 cURL vulnerability
Source: XF Type: UNKNOWN curl-ntlm-bo(19421)
Source: XF Type: UNKNOWN curl-kerberos-bo(19423)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10273
Source: SUSE Type: SUSE-SA:2005:011 curl: buffer overflow in NTLM authentication
|
Vulnerable Configuration: | Configuration 1: cpe:/a:curl:curl:7.12.1:*:*:*:*:*:*:* OR cpe:/a:libcurl:libcurl:7.12.1:*:*:*:*:*:*:*
Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
Configuration CCN 1: cpe:/a:curl:curl:7.12.1:*:*:*:*:*:*:*
AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:hosting:*:server:*:*:*
OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:workgroup:*:server:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
Denotes that component is vulnerable |
Vulnerability Name: | CVE-2005-0490 (CCN-19423) |
Assigned: | 2005-02-21 |
Published: | 2005-02-21 |
Updated: | 2017-10-11 |
Summary: | Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. |
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: | Attack Vector (AV): Network, Attack Complexity (AC): Low, Privileges Required (PR): None, User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low, Integrity (I): Low, Availability (A): Low |
|
CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: | Access Vector (AV): Network, Access Complexity (AC): High, Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial, Integrity (I): Partial, Availability (A): Partial |
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: | Access Vector (AV): Network, Access Complexity (AC): Low, Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial, Integrity (I): Partial, Availability (A): Partial |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Gain Access |
References: | Source: CCN Type: cURL Web page cURL and libcurl
Source: MITRE Type: CNA CVE-2005-0490
Source: CCN Type: RHSA-2005-340 curl security update
Source: CCN Type: CIAC INFORMATION BULLETIN P-167 cURL Security Update
Source: CCN Type: GLSA-200503-20 curl: NTLM response buffer overflow
Source: CCN Type: iDEFENSE Security Advisory 02.21.05 Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow
Source: CCN Type: BID-12615 cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability
Source: CCN Type: BID-12616 cURL / libcURL Kerberos Authentication Buffer Overflow Vulnerability
Source: CCN Type: TLSA-2005-42 Buffer overflow vulnerabilities exist in curl
Source: CCN Type: USN-86-1 cURL vulnerability
Source: XF Type: UNKNOWN curl-kerberos-bo(19423)
Source: SUSE Type: SUSE-SA:2005:011 curl: buffer overflow in NTLM authentication
|
Vulnerable Configuration: | Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
Definition ID | Class | Title | Last Modified |
---|---|---|---|
oval:org.mitre.oval:def:10273 | V | Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. | 2013-04-29 |
oval:com.redhat.rhsa:def:20050340 | P | RHSA-2005:340: curl security update (Low) | 2005-04-05 |
|
curl curl 7.12.1
libcurl libcurl 7.12.1
curl curl 7.12.1
gentoo linux *
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
mandrakesoft mandrake linux 10.0
suse suse linux 9.1
redhat enterprise linux 3
suse suse linux 9.2
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
redhat linux advanced workstation 2.1
suse linux enterprise server 9
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
turbolinux turbolinux home *
turbolinux turbolinux appliance server 1.0_hosting_edition
turbolinux turbolinux appliance server 1.0_workgroup_edition
mandrakesoft mandrake linux 10.0