cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability

BID:12615

Info

cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability

Bugtraq ID: 12615
Class: Boundary Condition Error
CVE: CVE-2005-0490
Remote: Yes
Local: No
Published: Feb 22 2005 12:00AM
Updated: Aug 24 2006 05:54PM
Credit: Credited to infamous41md[at]hotpop.com.
Vulnerable: SuSE Linux Enterprise Server 9
SuSE Linux Desktop 1.0
SuSE Linux 8.1
SuSE Linux 8.0 i386
SuSE Linux 8.0
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
F5 BIG-IP 4.6.2
F5 BIG-IP 4.6
F5 BIG-IP 4.5.12
F5 BIG-IP 4.5.11
F5 BIG-IP 4.5.10
F5 BIG-IP 4.5.9
F5 BIG-IP 4.5.6
F5 BIG-IP 4.5
F5 BIG-IP 4.4
F5 BIG-IP 4.3
F5 BIG-IP 4.2
F5 BIG-IP 4.0
F5 3-DNS 4.6.2
F5 3-DNS 4.6
F5 3-DNS 4.5.12
F5 3-DNS 4.5.11
F5 3-DNS 4.5
F5 3-DNS 4.4
F5 3-DNS 4.3
F5 3-DNS 4.2
Daniel Stenberg curl 7.13
Daniel Stenberg curl 7.12.3
Daniel Stenberg curl 7.12.2
Daniel Stenberg curl 7.12.1
+ Redhat Desktop 4.0
+ Redhat Enterprise Linux AS 4
 + Redhat Enterprise Linux ES 4
 + Redhat Enterprise Linux WS 4
 Daniel Stenberg curl 7.12
+ S.u.S.E. Linux Personal 9.2 x86_64
 + S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 Daniel Stenberg curl 7.11.2
Daniel Stenberg curl 7.11.1
Daniel Stenberg curl 7.11
+ S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1
Daniel Stenberg curl 7.10.8
Daniel Stenberg curl 7.10.7
Daniel Stenberg curl 7.10.6
+ Redhat Desktop 3.0
+ Redhat Enterprise Linux AS 3
 + Redhat Enterprise Linux ES 3
 + Redhat Enterprise Linux WS 3
 Daniel Stenberg curl 7.10.5
Daniel Stenberg curl 7.10.4
Daniel Stenberg curl 7.10.3
Daniel Stenberg curl 7.10.1
Daniel Stenberg curl 7.8.2
+ Redhat Advanced Workstation for the Itanium Processor 2.1
+ Redhat Enterprise Linux AS 2.1 IA64
 + Redhat Enterprise Linux AS 2.1
 + Redhat Enterprise Linux ES 2.1 IA64
 + Redhat Enterprise Linux ES 2.1
 + Redhat Enterprise Linux WS 2.1 IA64
 + Redhat Enterprise Linux WS 2.1
 Daniel Stenberg curl 7.4.1
Daniel Stenberg curl 7.4
Daniel Stenberg curl 7.3
+ Redhat PowerTools 7.0
+ Redhat PowerTools 6.2
+ Redhat PowerTools 6.1
Daniel Stenberg curl 7.2.1
Daniel Stenberg curl 7.2
Daniel Stenberg curl 7.1.1
Daniel Stenberg curl 7.1
Daniel Stenberg curl 6.5.2
Daniel Stenberg curl 6.5.1
ALT Linux ALT Linux Junior 2.3
ALT Linux ALT Linux Compact 2.3
Not Vulnerable: F5 BIG-IP 4.6.3
F5 BIG-IP 4.5.13
F5 3-DNS 4.6.3
F5 3-DNS 4.5.13
Daniel Stenberg curl 7.13.1

Discussion

cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability

It has been reported that cURL and libcURL are vulnerable to a remotely exploitable stack-based buffer overflow vulnerability. The cURL and libcURL NTML response processing code fails to ensure that a buffer overflow cannot occur when response data is decoded.

The overflow occurs in the stack region, and remote code execution is possible if the saved instruction pointer is overwritten with a pointer to embedded instructions.

Exploit / POC

cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability

Solution:
The vendor has released cURL version 7.13.1 to address this and other issues.

It is reported that the vendor has released a patch and updated 'http_ntlm.c' file to address this vulnerability. The patch may be found at the following location:
http://cool.haxx.se/cvs.cgi/curl/lib/http_ntlm.c.diff?r1=1.36&r2=1.38

SGI has released an advisory 20050403-01-U including updated SGI ProPack 3 Service Pack 4 packages to address this issue. Please see the referenced advisory for more information.

Gentoo has released an advisory (GLSA 200503-20) and an updated eBuild to address this vulnerability. Gentoo users are advised to apply the updates by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-misc/curl-7.13.1"

Mandrake has released advisory MDKSA-2005:048 dealing with this issue. Please see the referenced advisory for more information.

SuSE has released summary report SUSE-SR:2005:006 mainly to address vulnerabilities described in other BIDs. However, in the addendum of this advisory, it is reported that fixes for the issues described in this BID are pending release. Customers are advised to see the referenced advisory for further information.

SuSE has released advisory SUSE-SA:2005:011 dealing with this issue. Please see the referenced advisory for more information.

Ubuntu Linux has released advisory USN-86-1 dealing with this issue. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2005:940 along with fixes dealing with this issue. Please see the referenced advisory for more information.

ALT Linux has released updates dealing with this and other issues. Please see the reference section for more information.

Red Hat has released advisory RHSA-2005:340-09 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

F5 Networks BIG-IP and 3-DNS upgrades are available from the vendor. Please contact the vendor for more information.


Daniel Stenberg curl 6.5.1

Daniel Stenberg curl 6.5.2

Daniel Stenberg curl 7.1

Daniel Stenberg curl 7.1.1

Daniel Stenberg curl 7.10.1

Daniel Stenberg curl 7.10.3

Daniel Stenberg curl 7.10.4

Daniel Stenberg curl 7.10.5

Daniel Stenberg curl 7.10.6

Daniel Stenberg curl 7.10.7

Daniel Stenberg curl 7.11

Daniel Stenberg curl 7.11.1

Daniel Stenberg curl 7.12

Daniel Stenberg curl 7.12.1

Daniel Stenberg curl 7.13

Daniel Stenberg curl 7.2

Daniel Stenberg curl 7.2.1

Daniel Stenberg curl 7.3

Daniel Stenberg curl 7.4

Daniel Stenberg curl 7.4.1

References

cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report