| Reporter | Title | Published | Views | Family All 58 |
|---|---|---|---|---|
| Apache HTTP Request Parsing HTML Injection | 30 Jun 200500:00 | – | nessus | |
| Apache < 2.0.55 HTTP Smuggling Vulnerability | 25 Jul 200500:00 | – | nessus | |
| GNU WGet < 1.10.2 Buffer Overflow | 14 Oct 200500:00 | – | nessus | |
| Curl NTLM Buffer Overflow | 14 Oct 200500:00 | – | nessus | |
| Mac OS X Multiple Vulnerabilities (Security Update 2005-009) | 30 Nov 200500:00 | – | nessus | |
| CentOS 3 / 4 : curl (CESA-2005:807) | 3 Jul 200600:00 | – | nessus | |
| CentOS 3 / 4 : wget (CESA-2005:812) | 3 Jul 200600:00 | – | nessus | |
| Debian DSA-919-2 : curl - buffer overflow | 14 Oct 200600:00 | – | nessus | |
| Fedora Core 3 : curl-7.12.3-4.fc3 (2005-1000) | 19 Oct 200500:00 | – | nessus | |
| Fedora Core 4 : curl-7.13.1-4.fc4 (2005-1129) | 11 Dec 200500:00 | – | nessus |
| Source | Link |
|---|---|
| curl | www.curl.haxx.se/docs/security.html |
| slackware | www.slackware.com/security/viewer.php |
| www.2005-310-01 |
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.55804");
script_cve_id("CVE-2005-3185");
script_tag(name:"creation_date", value:"2012-09-10 23:34:21 +0000 (Mon, 10 Sep 2012)");
script_version("2025-01-14T05:37:02+0000");
script_tag(name:"last_modification", value:"2025-01-14 05:37:02 +0000 (Tue, 14 Jan 2025)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Slackware: Security Advisory (SSA:2005-310-01)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("Slackware Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack", re:"ssh/login/release=SLK(10\.0|10\.1|10\.2|8\.1|9\.0|9\.1|current)");
script_xref(name:"Advisory-ID", value:"SSA:2005-310-01");
script_xref(name:"URL", value:"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.519010");
script_xref(name:"URL", value:"http://curl.haxx.se/docs/security.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'curl/wget' package(s) announced via the SSA:2005-310-01 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2,
and -current, and new wget packages are available for Slackware 8.1,
9.0, 9.1, 10.0, 10.1, 10.2, and -current. These address a buffer
overflow in NTLM handling which may present a security problem, though
no public exploits are known at this time.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
[link moved to references]
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.12.2-i486-2.tgz: Patched. This addresses a buffer
overflow in libcurl's NTLM function that could have possible security
implications.
For more details, see:
[links moved to references]
(* Security fix *)
patches/packages/wget-1.10.2-i486-1.tgz: Upgraded to wget-1.10.2.
This addresses a buffer overflow in wget's NTLM handling function that could
have possible security implications.
For more details, see:
[link moved to references]
(* Security fix *)
+--------------------------+");
script_tag(name:"affected", value:"'curl/wget' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware current.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-slack.inc");
release = slk_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLK10.0") {
if(!isnull(res = isslkpkgvuln(pkg:"curl", ver:"7.12.2-i486-2", rls:"SLK10.0"))) {
report += res;
}
if(!isnull(res = isslkpkgvuln(pkg:"wget", ver:"1.10.2-i486-1", rls:"SLK10.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLK10.1") {
if(!isnull(res = isslkpkgvuln(pkg:"curl", ver:"7.12.2-i486-2", rls:"SLK10.1"))) {
report += res;
}
if(!isnull(res = isslkpkgvuln(pkg:"wget", ver:"1.10.2-i486-1", rls:"SLK10.1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLK10.2") {
if(!isnull(res = isslkpkgvuln(pkg:"curl", ver:"7.12.2-i486-2", rls:"SLK10.2"))) {
report += res;
}
if(!isnull(res = isslkpkgvuln(pkg:"wget", ver:"1.10.2-i486-1", rls:"SLK10.2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLK8.1") {
if(!isnull(res = isslkpkgvuln(pkg:"wget", ver:"1.10.2-i386-1", rls:"SLK8.1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLK9.0") {
if(!isnull(res = isslkpkgvuln(pkg:"wget", ver:"1.10.2-i386-1", rls:"SLK9.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLK9.1") {
if(!isnull(res = isslkpkgvuln(pkg:"curl", ver:"7.10.7-i486-2", rls:"SLK9.1"))) {
report += res;
}
if(!isnull(res = isslkpkgvuln(pkg:"wget", ver:"1.10.2-i486-1", rls:"SLK9.1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLKcurrent") {
if(!isnull(res = isslkpkgvuln(pkg:"curl", ver:"7.12.2-i486-2", rls:"SLKcurrent"))) {
report += res;
}
if(!isnull(res = isslkpkgvuln(pkg:"wget", ver:"1.10.2-i486-1", rls:"SLKcurrent"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation