cURL/libcURL Kerberos Authentication Multiple Function Overflows

2005-02-21T05:23:30
ID OSVDB:14034
Type osvdb
Reporter infamous41md(infamous41md@hotpop.com)
Modified 2005-02-21T05:23:30

Description

Vulnerability Description

A remote overflow exists in cURL. cURL fails to verify the buffer lenght of base64 decoded values in Curl_krb_kauth and krb4_auth functions in Kerberos authentication resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Recompile cURL without Kerberos support.

Short Description

A remote overflow exists in cURL. cURL fails to verify the buffer lenght of base64 decoded values in Curl_krb_kauth and krb4_auth functions in Kerberos authentication resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.

References:

Vendor URL: http://curl.haxx.se/ Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1013253 Secunia Advisory ID:14364 Secunia Advisory ID:14421 Secunia Advisory ID:14845 Secunia Advisory ID:14431 Secunia Advisory ID:14619 Secunia Advisory ID:15012 Related OSVDB ID: 14033 Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-340.html Other Advisory URL: http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities Other Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-86-1 Other Advisory URL: http://www.novell.com/linux/security/advisories/2005_11_curl.html Other Advisory URL: http://security.gentoo.org/glsa/glsa-200503-20.xml CVE-2005-0490