CVE-2005-3185
7.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.6%
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
References
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
docs.info.apple.com/article.html?artnum=302847
lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
secunia.com/advisories/17192
secunia.com/advisories/17193
secunia.com/advisories/17203
secunia.com/advisories/17208
secunia.com/advisories/17228
secunia.com/advisories/17247
secunia.com/advisories/17297
secunia.com/advisories/17320
secunia.com/advisories/17400
secunia.com/advisories/17403
secunia.com/advisories/17485
secunia.com/advisories/17813
secunia.com/advisories/17965
secunia.com/advisories/19193
securityreason.com/securityalert/82
securitytracker.com/id?1015056
securitytracker.com/id?1015057
slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.519010
www.debian.org/security/2005/dsa-919
www.gentoo.org/security/en/glsa/glsa-200510-19.xml
www.idefense.com/application/poi/display?id=322&type=vulnerabilities
www.mandriva.com/security/advisories?name=MDKSA-2005:182
www.novell.com/linux/security/advisories/2005_63_wget_curl.html
www.osvdb.org/20011
www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html
www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html
www.redhat.com/support/errata/RHSA-2005-807.html
www.redhat.com/support/errata/RHSA-2005-812.html
www.securityfocus.com/bid/15102
www.securityfocus.com/bid/15647
www.vupen.com/english/advisories/2005/2088
www.vupen.com/english/advisories/2005/2125
www.vupen.com/english/advisories/2005/2659
exchange.xforce.ibmcloud.com/vulnerabilities/22721
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810
usn.ubuntu.com/205-1/
Related
7.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.6%