Lucene search

K

[email protected]NVD:CVE-2005-3185

HistoryOct 13, 2005 - 10:02 p.m.

CVE-2005-3185

2005-10-1322:02:00

CWE-119

[email protected]

web.nvd.nist.gov

1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.

Affected configurations

NVD

Node

curlcurlMatch7.13.2

OR

libcurllibcurlMatch7.13.2

OR

wgetwgetMatch1.10

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt

docs.info.apple.com/article.html?artnum=302847

lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

secunia.com/advisories/17192

secunia.com/advisories/17193

secunia.com/advisories/17203

secunia.com/advisories/17208

secunia.com/advisories/17228

secunia.com/advisories/17247

secunia.com/advisories/17297

secunia.com/advisories/17320

secunia.com/advisories/17400

secunia.com/advisories/17403

secunia.com/advisories/17485

secunia.com/advisories/17813

secunia.com/advisories/17965

secunia.com/advisories/19193

securityreason.com/securityalert/82

securitytracker.com/id?1015056

securitytracker.com/id?1015057

slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.519010

www.debian.org/security/2005/dsa-919

www.gentoo.org/security/en/glsa/glsa-200510-19.xml

www.idefense.com/application/poi/display?id=322&type=vulnerabilities

www.mandriva.com/security/advisories?name=MDKSA-2005:182

www.novell.com/linux/security/advisories/2005_63_wget_curl.html

www.osvdb.org/20011

www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html

www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html

www.redhat.com/support/errata/RHSA-2005-807.html

www.redhat.com/support/errata/RHSA-2005-812.html

www.securityfocus.com/bid/15102

www.securityfocus.com/bid/15647

www.vupen.com/english/advisories/2005/2088

www.vupen.com/english/advisories/2005/2125

www.vupen.com/english/advisories/2005/2659

exchange.xforce.ibmcloud.com/vulnerabilities/22721

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810

usn.ubuntu.com/205-1/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

Related for NVD:CVE-2005-3185

nessus15 gentoo1 openvas11 centos4 ubuntucve1 cvelist1 slackware1 cve1 redhat2 ubuntu1 securityvulns2 debiancve1 debian2 osv1