Bug 174477

Summary: CAN-2005-3185 WGet/Curl NTLM Username Buffer Overflow
Product: [Retired] Fedora Legacy Reporter: John Dalbec <jpdalbec>
Component: wgetAssignee: Fedora Legacy Bugs <bugs>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rhl7.3   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
URL: http://www.securityfocus.com/bid/15102
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-30 19:57:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Dalbec 2005-11-29 14:05:29 UTC 
+++ This bug was initially created as a clone of Bug #174476 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5)
Gecko/20051012 Netscape/8.0.4

Description of problem:
05.42.13 CVE: CAN-2005-3185
Platform: Unix
Title: Multiple Vendor WGet/Curl NTLM Username Buffer Overflow
Vulnerability
Description: GNU wget is a software package for retrieving files using
HTTP, HTTPS and FTP. CURL is a command line tool for transferring
files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER,
TELNET, DICT, FILE and LDAP. They are reported to be vulnerable to a
buffer overflow issue due to improper boundary checking on user
supplied data.
Ref: http://www.securityfocus.com/bid/15102 

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 Jesse Keating 2007-08-30 19:57:13 UTC 
Fedora Legacy project has ended.  These will not be fixed by Fedora Legacy.