curl: NTLM response buffer overflow — GLSA 200503-20

curl is vulnerable to a buffer overflow which could lead to the execution of arbitrary code.

Affected Packages

net-misc/curl on all architectures
Affected versions < 7.13.1
Unaffected versions >= 7.13.1

Background

curl is a command line tool for transferring files via many different protocols.

Description

curl fails to properly check boundaries when handling NTLM authentication.

Impact

With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading to the execution of arbitrary code with the permissions of the user running curl.

Workaround

Disable NTLM authentication by not using the --anyauth or --ntlm options.

Resolution

All curl users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/curl-7.13.1"

References

Release Date
March 16, 2005

Latest Revision
March 16, 2005: 01

Severity
normal

Exploitable
remote

Bugzilla entries