CVE - CVE-2005-3185

CVE-ID
CVE-2005-3185	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
IDEFENSE:20051013 Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability URL:http://www.idefense.com/application/poi/display?id=322&type=vulnerabilities APPLE:APPLE-SA-2005-11-29 URL:http://docs.info.apple.com/article.html?artnum=302847 DEBIAN:DSA-919 URL:http://www.debian.org/security/2005/dsa-919 FEDORA:FEDORA-2005-1000 URL:http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html FEDORA:FEDORA-2005-1129 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html GENTOO:GLSA-200510-19 URL:http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml MANDRIVA:MDKSA-2005:182 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:182 REDHAT:RHSA-2005:807 URL:http://www.redhat.com/support/errata/RHSA-2005-807.html REDHAT:RHSA-2005:812 URL:http://www.redhat.com/support/errata/RHSA-2005-812.html SCO:SCOSA-2006.10 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt SLACKWARE:SSA:2005-310-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.519010 SUSE:SUSE-SA:2005:063 URL:http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html TRUSTIX:TSLSA-2005-0059 URL:http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html UBUNTU:USN-205-1 URL:https://usn.ubuntu.com/205-1/ BID:15102 URL:http://www.securityfocus.com/bid/15102 BID:15647 URL:http://www.securityfocus.com/bid/15647 OVAL:oval:org.mitre.oval:def:9810 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810 VUPEN:ADV-2005-2125 URL:http://www.vupen.com/english/advisories/2005/2125 VUPEN:ADV-2005-2088 URL:http://www.vupen.com/english/advisories/2005/2088 VUPEN:ADV-2005-2659 URL:http://www.vupen.com/english/advisories/2005/2659 OSVDB:20011 URL:http://www.osvdb.org/20011 SECTRACK:1015056 URL:http://securitytracker.com/id?1015056 SECTRACK:1015057 URL:http://securitytracker.com/id?1015057 SECUNIA:17192 URL:http://secunia.com/advisories/17192 SECUNIA:17400 URL:http://secunia.com/advisories/17400 SECUNIA:17403 URL:http://secunia.com/advisories/17403 SECUNIA:17813 URL:http://secunia.com/advisories/17813 SECUNIA:17193 URL:http://secunia.com/advisories/17193 SECUNIA:17247 URL:http://secunia.com/advisories/17247 SECUNIA:17320 URL:http://secunia.com/advisories/17320 SECUNIA:17297 URL:http://secunia.com/advisories/17297 SECUNIA:17208 URL:http://secunia.com/advisories/17208 SECUNIA:17485 URL:http://secunia.com/advisories/17485 SECUNIA:17965 URL:http://secunia.com/advisories/17965 SECUNIA:19193 URL:http://secunia.com/advisories/19193 SECUNIA:17203 URL:http://secunia.com/advisories/17203 SECUNIA:17228 URL:http://secunia.com/advisories/17228 SREASON:82 URL:http://securityreason.com/securityalert/82 XF:wget-curl-ntlm-username-bo(22721) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/22721
Assigning CNA
N/A
Date Entry Created
20051012	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051012)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.