CVE-2005-3185

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
Data provided by the National Vulnerability Database (NVD)
Curl | Curl | Version 7.13.2
Libcurl | Libcurl | Version 7.13.2
Wget | Wget | Version 1.10
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 5.19% | 0.914
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://docs.info.apple.com/article.html?artnum=302847
http://secunia.com/advisories/17813 (Vendor Advisory)
http://www.securityfocus.com/bid/15647
http://www.vupen.com/english/advisories/2005/2659 (Vendor Advisory)
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
http://secunia.com/advisories/19193 (Vendor Advisory)
http://secunia.com/advisories/17192 (Vendor Advisory)
http://secunia.com/advisories/17193 (Vendor Advisory)
http://secunia.com/advisories/17203 (Vendor Advisory)
http://secunia.com/advisories/17208 (Vendor Advisory)
http://secunia.com/advisories/17228 (Vendor Advisory)
http://secunia.com/advisories/17247 (Vendor Advisory)
http://secunia.com/advisories/17297 (Vendor Advisory)
http://secunia.com/advisories/17320 (Vendor Advisory)
http://secunia.com/advisories/17400 (Vendor Advisory)
http://secunia.com/advisories/17403 (Vendor Advisory)
http://secunia.com/advisories/17485 (Vendor Advisory)
http://secunia.com/advisories/17965 (Vendor Advisory)
http://securityreason.com/securityalert/82
http://securitytracker.com/id?1015056
http://securitytracker.com/id?1015057
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.519010
http://www.debian.org/security/2005/dsa-919
http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml
http://www.idefense.com/application/poi/display?id=322&type=vulnerabilities (Patch, Vendor Advisory)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:182
http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html
http://www.osvdb.org/20011
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html
http://www.redhat.com/support/errata/RHSA-2005-807.html
http://www.redhat.com/support/errata/RHSA-2005-812.html
http://www.securityfocus.com/bid/15102
http://www.vupen.com/english/advisories/2005/2088 (Vendor Advisory)
http://www.vupen.com/english/advisories/2005/2125 (Vendor Advisory)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22721
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810
https://usn.ubuntu.com/205-1/