aru Posted October 14, 2005 Report Share Posted October 14, 2005 Mandriva Security Advisories MDKSA-2005:182 : curl Updated curl packages fix NTLM authentication vulnerability October 13th, 2005 A vulnerability in libcurl's NTLM function can overflow a stack-based buffer if given too long a user name or domain name in NTLM authentication is enabled and either a) pass a user and domain name to libcurl that together are longer than 192 bytes or b) allow (lib)curl to follow HTTP redirects and the new URL contains a URL with a user and domain name that together are longer than 192 bytes. The updated packages have been patched to address this issue. The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 MNF2.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:182 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3185 http://curl.haxx.se/mail/lib-2005-10/0061.html Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts