Vulnerability CVE-2005-0490

Vulnerability Name:

CVE-2005-0490 (CCN-19421)

Assigned:

2005-02-21

Published:

2005-02-21

Updated:

2017-10-11

Summary:

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: cURL Web page
cURL and libcurl

Source: MITRE
Type: CNA
CVE-2005-0490

Source: CONECTIVA
Type: Patch, Vendor Advisory
CLA-2005:940

Source: FULLDISC
Type: UNKNOWN
20050228 [USN-86-1] cURL vulnerability

Source: CCN
Type: RHSA-2005-340
curl security update

Source: CCN
Type: CIAC INFORMATION BULLETIN P-167
cURL Security Update

Source: CCN
Type: GLSA-200503-20
curl: NTLM response buffer overflow

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200503-20

Source: IDEFENSE
Type: Vendor Advisory
20050221 Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability

Source: CCN
Type: iDEFENSE Security Advisory 02.21.05
Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow

Source: IDEFENSE
Type: Vendor Advisory
20050221 Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow Vulnerability

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:048

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:011

Source: REDHAT
Type: UNKNOWN
RHSA-2005:340

Source: BID
Type: UNKNOWN
12615

Source: CCN
Type: BID-12615
cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
12616

Source: CCN
Type: BID-12616
cURL / libcURL Kerberos Authentication Buffer Overflow Vulnerability

Source: CCN
Type: TLSA-2005-42
Buffer overflow vulnerabilities exist in curl

Source: CCN
Type: USN-86-1
cURL vulnerability

Source: XF
Type: UNKNOWN
curl-ntlm-bo(19421)

Source: XF
Type: UNKNOWN
curl-kerberos-bo(19423)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10273

Source: SUSE
Type: SUSE-SA:2005:011
curl: buffer overflow in NTLM authentication

Vulnerable Configuration:

Configuration 1:

cpe:/a:curl:curl:7.12.1:*:*:*:*:*:*:*

OR cpe:/a:libcurl:libcurl:7.12.1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:curl:curl:7.12.1:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:hosting:*:server:*:*:*

OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:workgroup:*:server:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2005-0490 (CCN-19423)

Assigned:

2005-02-21

Published:

2005-02-21

Updated:

2017-10-11

Summary:

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: cURL Web page
cURL and libcurl

Source: MITRE
Type: CNA
CVE-2005-0490

Source: CCN
Type: RHSA-2005-340
curl security update

Source: CCN
Type: CIAC INFORMATION BULLETIN P-167
cURL Security Update

Source: CCN
Type: GLSA-200503-20
curl: NTLM response buffer overflow

Source: CCN
Type: iDEFENSE Security Advisory 02.21.05
Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow

Source: CCN
Type: BID-12615
cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability

Source: CCN
Type: BID-12616
cURL / libcURL Kerberos Authentication Buffer Overflow Vulnerability

Source: CCN
Type: TLSA-2005-42
Buffer overflow vulnerabilities exist in curl

Source: CCN
Type: USN-86-1
cURL vulnerability

Source: XF
Type: UNKNOWN
curl-kerberos-bo(19423)

Source: SUSE
Type: SUSE-SA:2005:011
curl: buffer overflow in NTLM authentication

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:10273	V	Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.	2013-04-29
oval:com.redhat.rhsa:def:20050340	P	RHSA-2005:340: curl security update (Low)	2005-04-05

BACK