CVE - CVE-2005-3185

CVE-ID
CVE-2005-3185	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2005-11-29 URL:http://docs.info.apple.com/article.html?artnum=302847 BID:15102 URL:http://www.securityfocus.com/bid/15102 BID:15647 URL:http://www.securityfocus.com/bid/15647 DEBIAN:DSA-919 URL:http://www.debian.org/security/2005/dsa-919 FEDORA:FEDORA-2005-1000 URL:http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html FEDORA:FEDORA-2005-1129 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html GENTOO:GLSA-200510-19 URL:http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml IDEFENSE:20051013 Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability URL:http://www.idefense.com/application/poi/display?id=322&type=vulnerabilities MANDRIVA:MDKSA-2005:182 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:182~~ (Obsolete source) OSVDB:20011 URL:~~http://www.osvdb.org/20011~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:9810 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810 REDHAT:RHSA-2005:807 URL:http://www.redhat.com/support/errata/RHSA-2005-807.html REDHAT:RHSA-2005:812 URL:http://www.redhat.com/support/errata/RHSA-2005-812.html SCO:SCOSA-2006.10 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt SECTRACK:1015056 URL:http://securitytracker.com/id?1015056 SECTRACK:1015057 URL:http://securitytracker.com/id?1015057 SECUNIA:17192 URL:http://secunia.com/advisories/17192 SECUNIA:17193 URL:http://secunia.com/advisories/17193 SECUNIA:17203 URL:http://secunia.com/advisories/17203 SECUNIA:17208 URL:http://secunia.com/advisories/17208 SECUNIA:17228 URL:http://secunia.com/advisories/17228 SECUNIA:17247 URL:http://secunia.com/advisories/17247 SECUNIA:17297 URL:http://secunia.com/advisories/17297 SECUNIA:17320 URL:http://secunia.com/advisories/17320 SECUNIA:17400 URL:http://secunia.com/advisories/17400 SECUNIA:17403 URL:http://secunia.com/advisories/17403 SECUNIA:17485 URL:http://secunia.com/advisories/17485 SECUNIA:17813 URL:http://secunia.com/advisories/17813 SECUNIA:17965 URL:http://secunia.com/advisories/17965 SECUNIA:19193 URL:http://secunia.com/advisories/19193 SLACKWARE:SSA:2005-310-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.519010 SREASON:82 URL:http://securityreason.com/securityalert/82 SUSE:SUSE-SA:2005:063 URL:http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html TRUSTIX:TSLSA-2005-0059 URL:~~http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html~~ (Obsolete source - check if archived by the Wayback Machine) UBUNTU:USN-205-1 URL:https://usn.ubuntu.com/205-1/ VUPEN:ADV-2005-2088 URL:~~http://www.vupen.com/english/advisories/2005/2088~~ (Obsolete source) VUPEN:ADV-2005-2125 URL:~~http://www.vupen.com/english/advisories/2005/2125~~ (Obsolete source) VUPEN:ADV-2005-2659 URL:~~http://www.vupen.com/english/advisories/2005/2659~~ (Obsolete source) XF:wget-curl-ntlm-username-bo(22721) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/22721
Assigning CNA
MITRE Corporation
Date Record Created
20051012	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051012)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)