INFORMATION BULLETIN
INFORMATION BULLETIN
| PROBLEM: | A security vulnerability was discovered in products that use libcurl when NTLM authentication is enabled. |
| PLATFORM: | Red Hat Desktop (v. 3, v. 4) Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, v. 4) Red Hat Linux Advanced Workstation 2.1 for Itanium Processor SGI ProPack 3 Service Pack 6 for SGI Altix family of systems Debian GNU/Linux 3.0 alias woody Debian GNU/Linux 3.1 alias sarge |
| DAMAGE: | Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. |
| SOLUTION: | Apply the available security updates. |
| VULNERABILITY ASSESSMENT: |
The risk is LOW. Exploiting this vulnerability allows a remote attacker to execute arbitrary code via a long NTLM username. A user must be tricked into connecting to a malicious web server using NTLM authentication. |
| LINKS: | |
| CIAC BULLETIN: | http://www.ciac.org/ciac/bulletins/q-039.shtml |
| ORIGINAL BULLETIN: | https://rhn.redhat.com/errata/RHSA-2005-807.html |
| ADDITIONAL LINKS: | https://rhn.redhat.com/errata/RHSA-2005-812.html SGI Security Advisory Update #51, Number 20051101-01-U ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc |
| Debian Security Advisory DSA-919-1 http://www.debian.org/security/2005/dsa-919 |
|
| CVE: | CVE-2005-3185 |
REVISION HISTORY:
11/29/2005 - added a link SGI Advanced Linux Environment 3 Security Update #51
(#20051101-01-U) that provides Patch 10242 for SGI ProPack 3
Service Pack 6.
12/12/2005 - added a link to Debian Security Advisory DSA-919-1 for Debian
GNU/Linux 3.0 alias woody and Debian GNU/Linux 3.1 alias sarge.
[***** Start Red Hat Security Advisory RHSA-2005:807 *****]
| Advisory: | RHSA-2005:807-6 |
|---|---|
| Type: | Security Advisory |
| Issued on: | 2005-11-02 |
| Last updated on: | 2005-11-02 |
| Affected Products: | Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) |
| CVEs (cve.mitre.org): | CVE-2005-3185 |
Updated curl packages that fix a security issue are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols.
A stack based buffer overflow bug was found in cURL's NTLM authentication
module. It is possible to execute arbitrary code on a user's machine if
the user can be tricked into connecting to a malicious web server using
NTLM authentication. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3185 to this issue.
All users of curl are advised to upgrade to these updated packages, which
contain a backported patch that resolve this issue.
| Red Hat Desktop (v. 3) | |
| SRPMS: | |
| curl-7.10.6-7.rhel3.src.rpm | 1b0d0a36924e60bf0c6ef75974c04ca8 |
| IA-32: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-devel-7.10.6-7.rhel3.i386.rpm | 70ad959c7f566c2145d6024845d3a78f |
| x86_64: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-7.10.6-7.rhel3.x86_64.rpm | 8646b2ff68f5f1ee2cc1ff5da875e7c7 |
| curl-devel-7.10.6-7.rhel3.x86_64.rpm | 65db40cfdfc676fd1a12c0b6bfae699a |
| Red Hat Desktop (v. 4) | |
| SRPMS: | |
| curl-7.12.1-6.rhel4.src.rpm | 354e2083a66997cc4f868b08f049798e |
| IA-32: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-devel-7.12.1-6.rhel4.i386.rpm | 0bab280280fa3770e00b88cf34dab80e |
| x86_64: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-7.12.1-6.rhel4.x86_64.rpm | dc308198a4f9c9e5477911096a5e65de |
| curl-devel-7.12.1-6.rhel4.x86_64.rpm | 6cc5d58957f9ddb9fef20c6201fe4e33 |
| Red Hat Enterprise Linux AS (v. 3) | |
| SRPMS: | |
| curl-7.10.6-7.rhel3.src.rpm | 1b0d0a36924e60bf0c6ef75974c04ca8 |
| IA-32: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-devel-7.10.6-7.rhel3.i386.rpm | 70ad959c7f566c2145d6024845d3a78f |
| IA-64: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-7.10.6-7.rhel3.ia64.rpm | 199d6a6f2e21733a86ed346b2cbe089f |
| curl-devel-7.10.6-7.rhel3.ia64.rpm | 0b95f082281ae4d9d460281b39b46aa0 |
| PPC: | |
| curl-7.10.6-7.rhel3.ppc.rpm | 77a1836af930e5326110ee8690317901 |
| curl-7.10.6-7.rhel3.ppc64.rpm | 908d24e3cbc7d08036d43733d7ae2022 |
| curl-devel-7.10.6-7.rhel3.ppc.rpm | 0fc4b76591d36237efc18d58bb1566ec |
| s390: | |
| curl-7.10.6-7.rhel3.s390.rpm | 7ade82b95dae4bc22e4030731ffbc641 |
| curl-devel-7.10.6-7.rhel3.s390.rpm | 1ceb1c3662fb96ea90ebda1c46df2706 |
| s390x: | |
| curl-7.10.6-7.rhel3.s390.rpm | 7ade82b95dae4bc22e4030731ffbc641 |
| curl-7.10.6-7.rhel3.s390x.rpm | b246e88f93093cb48eb1a86a8b80fe71 |
| curl-devel-7.10.6-7.rhel3.s390x.rpm | aa34b35194bba528ed3b2c066b709508 |
| x86_64: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-7.10.6-7.rhel3.x86_64.rpm | 8646b2ff68f5f1ee2cc1ff5da875e7c7 |
| curl-devel-7.10.6-7.rhel3.x86_64.rpm | 65db40cfdfc676fd1a12c0b6bfae699a |
| Red Hat Enterprise Linux AS (v. 4) | |
| SRPMS: | |
| curl-7.12.1-6.rhel4.src.rpm | 354e2083a66997cc4f868b08f049798e |
| IA-32: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-devel-7.12.1-6.rhel4.i386.rpm | 0bab280280fa3770e00b88cf34dab80e |
| IA-64: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-7.12.1-6.rhel4.ia64.rpm | 07c388d071c757bbc7333538f3258ea3 |
| curl-devel-7.12.1-6.rhel4.ia64.rpm | 1009a4b23eccdf737d123cd073000d57 |
| PPC: | |
| curl-7.12.1-6.rhel4.ppc.rpm | bbb86cd7e5976de2a7784c32db0e4233 |
| curl-7.12.1-6.rhel4.ppc64.rpm | f12164cdc06758194f8c5c7893a63836 |
| curl-devel-7.12.1-6.rhel4.ppc.rpm | e410212395e7af4797aae342bdf1a590 |
| s390: | |
| curl-7.12.1-6.rhel4.s390.rpm | cc8e0c6478a8af638c61e406ddafbaaa |
| curl-devel-7.12.1-6.rhel4.s390.rpm | 61b6e8d9e57dcf391b202bb81db6955b |
| s390x: | |
| curl-7.12.1-6.rhel4.s390.rpm | cc8e0c6478a8af638c61e406ddafbaaa |
| curl-7.12.1-6.rhel4.s390x.rpm | 5c79c8a8422d02e326f9b3654fd6805c |
| curl-devel-7.12.1-6.rhel4.s390x.rpm | e5c6bb0ff192c70f77557235b9791c96 |
| x86_64: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-7.12.1-6.rhel4.x86_64.rpm | dc308198a4f9c9e5477911096a5e65de |
| curl-devel-7.12.1-6.rhel4.x86_64.rpm | 6cc5d58957f9ddb9fef20c6201fe4e33 |
| Red Hat Enterprise Linux ES (v. 3) | |
| SRPMS: | |
| curl-7.10.6-7.rhel3.src.rpm | 1b0d0a36924e60bf0c6ef75974c04ca8 |
| IA-32: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-devel-7.10.6-7.rhel3.i386.rpm | 70ad959c7f566c2145d6024845d3a78f |
| IA-64: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-7.10.6-7.rhel3.ia64.rpm | 199d6a6f2e21733a86ed346b2cbe089f |
| curl-devel-7.10.6-7.rhel3.ia64.rpm | 0b95f082281ae4d9d460281b39b46aa0 |
| x86_64: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-7.10.6-7.rhel3.x86_64.rpm | 8646b2ff68f5f1ee2cc1ff5da875e7c7 |
| curl-devel-7.10.6-7.rhel3.x86_64.rpm | 65db40cfdfc676fd1a12c0b6bfae699a |
| Red Hat Enterprise Linux ES (v. 4) | |
| SRPMS: | |
| curl-7.12.1-6.rhel4.src.rpm | 354e2083a66997cc4f868b08f049798e |
| IA-32: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-devel-7.12.1-6.rhel4.i386.rpm | 0bab280280fa3770e00b88cf34dab80e |
| IA-64: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-7.12.1-6.rhel4.ia64.rpm | 07c388d071c757bbc7333538f3258ea3 |
| curl-devel-7.12.1-6.rhel4.ia64.rpm | 1009a4b23eccdf737d123cd073000d57 |
| x86_64: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-7.12.1-6.rhel4.x86_64.rpm | dc308198a4f9c9e5477911096a5e65de |
| curl-devel-7.12.1-6.rhel4.x86_64.rpm | 6cc5d58957f9ddb9fef20c6201fe4e33 |
| Red Hat Enterprise Linux WS (v. 3) | |
| SRPMS: | |
| curl-7.10.6-7.rhel3.src.rpm | 1b0d0a36924e60bf0c6ef75974c04ca8 |
| IA-32: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-devel-7.10.6-7.rhel3.i386.rpm | 70ad959c7f566c2145d6024845d3a78f |
| IA-64: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-7.10.6-7.rhel3.ia64.rpm | 199d6a6f2e21733a86ed346b2cbe089f |
| curl-devel-7.10.6-7.rhel3.ia64.rpm | 0b95f082281ae4d9d460281b39b46aa0 |
| x86_64: | |
| curl-7.10.6-7.rhel3.i386.rpm | ecfce4eee3ede7414af9419bb857a663 |
| curl-7.10.6-7.rhel3.x86_64.rpm | 8646b2ff68f5f1ee2cc1ff5da875e7c7 |
| curl-devel-7.10.6-7.rhel3.x86_64.rpm | 65db40cfdfc676fd1a12c0b6bfae699a |
| Red Hat Enterprise Linux WS (v. 4) | |
| SRPMS: | |
| curl-7.12.1-6.rhel4.src.rpm | 354e2083a66997cc4f868b08f049798e |
| IA-32: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-devel-7.12.1-6.rhel4.i386.rpm | 0bab280280fa3770e00b88cf34dab80e |
| IA-64: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-7.12.1-6.rhel4.ia64.rpm | 07c388d071c757bbc7333538f3258ea3 |
| curl-devel-7.12.1-6.rhel4.ia64.rpm | 1009a4b23eccdf737d123cd073000d57 |
| x86_64: | |
| curl-7.12.1-6.rhel4.i386.rpm | 7932c8695503fdf03165952b4c5ded91 |
| curl-7.12.1-6.rhel4.x86_64.rpm | dc308198a4f9c9e5477911096a5e65de |
| curl-devel-7.12.1-6.rhel4.x86_64.rpm | 6cc5d58957f9ddb9fef20c6201fe4e33 |
| (The unlinked packages above are only available from the Red Hat Network) |
|
170678 - CAN-2005-3185 NTLM buffer overflow
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
[***** End Red Hat Security Advisory RHSA-2005:807 *****]
Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/