cURL Kerberos authentication buffer overflow
| curl-kerberos-bo (19423) |  High Risk |
Description:
cURL is an open-source HTTP client that allows the user to transfer files using URL syntax running on Unix-based operating systems. cURL version 7.12.1 and possibly earlier versions are vulnerable to a stack-based buffer overflow, caused by a vulnerability when the Kerberos authentication in the Curl_krb_kauth and krb4_auth functions in the lib/krb4.c is used. If a user is connected to a malicious server using Kerberos authentication, a remote attacker could send a specially-crafted response containing 1250 bytes to overflow a buffer and execute arbitrary code on the system with user privileges.
Consequences:
Gain Access
Remedy:
For Gentoo Linux:
Upgrade to the latest version of curl (7.13.1 and later), as listed in Gentoo Linux Security Announcement GLSA 200503-20. See References.
For Red Hat Linux:
Refer to RHSA-2005:340-09 for patch, upgrade, or suggested workaround information. See References.
For Ubuntu Linux:
Refer to USN-86-1 for patch, upgrade, or suggested workaround information. See References.
For SUSE Linux:
Refer to SUSE Security Announcement SUSE-SA:2005:011 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- CIAC INFORMATION BULLETIN P-167: cURL Security Update.
- cURL Web page: cURL and libcurl.
- iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow.
- BID-12615: cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability
- BID-12616: cURL / libcURL Kerberos Authentication Buffer Overflow Vulnerability
- CVE-2005-0490: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
- GLSA-200503-20: curl: NTLM response buffer overflow
- MDKSA-2005:048: Updated curl packages fix vulnerability
- RHSA-2005-340: curl security update
- SUSE-SA:2005:011: curl: buffer overflow in NTLM authentication
Platforms Affected:
- Canonical Ubuntu 4.10
- cURL cURL 7.12.1
- Gentoo Linux
- MandrakeSoft Mandrake Linux 10.0 AMD64
- MandrakeSoft Mandrake Linux 10.0
- MandrakeSoft Mandrake Linux 10.1 X86_64
- MandrakeSoft Mandrake Linux 10.1
- MandrakeSoft Mandrake Linux Corporate Server 3.0
- MandrakeSoft Mandrake Linux Corporate Server 3.0 X86_64
- Novell Linux Desktop 9
- RedHat Enterprise Linux 2.1 WS
- RedHat Enterprise Linux 2.1 ES
- RedHat Enterprise Linux 2.1 AS
- RedHat Enterprise Linux 3 Desktop
- RedHat Enterprise Linux 3 AS
- RedHat Enterprise Linux 3 ES
- RedHat Enterprise Linux 3 WS
- RedHat Enterprise Linux 4 AS
- RedHat Enterprise Linux 4 ES
- RedHat Enterprise Linux 4 WS
- RedHat Enterprise Linux 4 Desktop
- RedHat Linux Advanced Workstation 2.1 Itanium
- SuSE Linux Enterprise Server 9
- SUSE SuSE Linux 9.1
- SUSE SuSE Linux 9.2
- Turbolinux Turbolinux 10 Desktop
- Turbolinux Turbolinux 10 F...
- Turbolinux Turbolinux 10 Server
- Turbolinux Turbolinux Home
- Turbolinux Turbolinux Appliance Server 1.0 Hosting Ed
- Turbolinux Turbolinux Appliance Server 1.0 Workgroup Ed
Reported:
Feb 21, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net