Bug 152917 - CAN-2005-0490 curl buffer overflow
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: curl
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: LEGACY, 1, 2, rh73, rh90
Duplicates: 149323
Depends On:
Blocks:
Reported: 2005-03-10 20:46 UTC by Marc Deslauriers
Modified: 2007-04-18 17:22 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-07-16 02:10:36 UTC
Embargoed:



Description David Lawrence 2005-03-30 23:32:01 UTC
"infamous41md" discovered a buffer overflow vulnerability in
 libcurl's NTLM authorization base64 decoding.  This could allow a
 remote attacker using a prepared remote server to execute arbitrary
 code as the user running curl.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities



------- Bug moved to this database by dkl 2005-03-30 18:32 -------

This bug previously known as bug 2448 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2448
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
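
The description above names a buffer overflow in the base64 decoding of NTLM data sent by a server. As an added illustration (not curl's code and not the patch shipped in these packages), here is a decoder that checks the decoded size against the destination before storing anything; the function names, the 8-byte buffer and the sample inputs are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Map one base64 character to its 6-bit value; -1 if outside the alphabet. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode base64 `src` into dst[0..dst_len). Returns the byte count, or -1 if
 * the input is malformed or would not fit. The fit check runs before any
 * byte is stored, so an oversized header value never reaches the buffer. */
long b64_decode_bounded(const char *src, unsigned char *dst, size_t dst_len)
{
    size_t n = strlen(src), pad = 0, out = 0, i, j;
    if (n == 0 || n % 4 != 0) return -1;
    if (src[n - 1] == '=') pad++;
    if (src[n - 2] == '=') pad++;
    if ((n / 4) * 3 - pad > dst_len) return -1;   /* reject, never truncate */
    for (i = 0; i < n; i += 4) {
        unsigned long quad = 0;
        size_t bytes = (i + 4 == n) ? 3 - pad : 3;
        for (j = 0; j < 4; j++) {
            int v = b64_val((unsigned char)src[i + j]);
            if (v < 0) {
                /* '=' is accepted only as trailing padding */
                if (src[i + j] != '=' || i + j < n - pad) return -1;
                v = 0;
            }
            quad = (quad << 6) | (unsigned long)v;
        }
        for (j = 0; j < bytes; j++)
            dst[out++] = (unsigned char)(quad >> (16 - 8 * j));
    }
    return (long)out;
}

int main(void)
{
    unsigned char buf[8];   /* constructed size for the demo, not curl's */
    /* "TlRMTVNTUAA=" is the 8-byte NTLM signature "NTLMSSP\0" (constructed) */
    printf("%ld\n", b64_decode_bounded("TlRMTVNTUAA=", buf, sizeof buf));
    printf("%ld\n", b64_decode_bounded("QUFBQUFBQUFB", buf, sizeof buf));
    return 0;
}
```

The second call is refused because twelve base64 characters without padding decode to nine bytes, one more than the buffer holds.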



Comment 1 Marc Deslauriers 2005-04-07 23:41:30 UTC
https://rhn.redhat.com/errata/RHSA-2005-340.html

Comment 2 Michal Jaegermann 2005-04-12 16:14:54 UTC
An initial version of patched sources for RH7.3 is currently available as
ftp://ftp.harddata.com/pub/Legacy_srpms/curl-7.9.8-6.7x.hd.src.rpm

Comment 3 Pekka Savola 2005-05-16 10:32:07 UTC
*** Bug 149323 has been marked as a duplicate of this bug. ***

Comment 4 Marc Deslauriers 2005-06-12 15:18:51 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA:

Changelog:
* Sun Jun 12 2005 Marc Deslauriers <marcdeslauriers> 7.9.5-2.1.legacy
- - Added patch for CAN-2005-0490 Multiple stack based buffer overflows in curl

rh73:
c26cf61853e0968181720cd4cdcaf569b32602ce  curl-7.9.5-2.1.legacy.i386.rpm
aa5730704716228e01a4704fba54f905bc164fd7  curl-7.9.5-2.1.legacy.src.rpm
4d4e771bf64f474111d52e8712afea37673508d1  curl-devel-7.9.5-2.1.legacy.i386.rpm

7.3 Source:
http://www.infostrategique.com/linuxrpms/legacy/7.3/curl-7.9.5-2.1.legacy.src.rpm
7.3 Binaries:
http://www.infostrategique.com/linuxrpms/legacy/7.3/

rh9:
724ffcc363b9be1e148cec79d6d03c0861cf5e94  curl-7.9.8-5.1.legacy.i386.rpm
6aca4afb76aa74cde6eca72ec946b494dbc1321c  curl-7.9.8-5.1.legacy.src.rpm
a52c5f2d245bc6e7ca463f0fcf2ee6aca7fba1b7  curl-devel-7.9.8-5.1.legacy.i386.rpm

9 Source:
http://www.infostrategique.com/linuxrpms/legacy/9/curl-7.9.8-5.1.legacy.src.rpm
9 Binaries:
http://www.infostrategique.com/linuxrpms/legacy/9/

fc1:
d3ca92ade642ff9b7836c42c6fe30fd8943d75b8  curl-7.10.6-7.1.legacy.i386.rpm
d413b0fa8ded740dc416c34cead8e14dc3a9ef4d  curl-7.10.6-7.1.legacy.src.rpm
e5ca1d9b95986c52b3d7a8ec322d4bc0e61a0ca0  curl-devel-7.10.6-7.1.legacy.i386.rpm

fc1 Source:
http://www.infostrategique.com/linuxrpms/legacy/1/curl-7.10.6-7.1.legacy.src.rpm
fc1 Binaries:
http://www.infostrategique.com/linuxrpms/legacy/1/

fc2:
cfe177740dcbd64a025dccca3fc249122c359b9a  curl-7.11.1-1.1.legacy.i386.rpm
13e69949706b828fd083e2480cc7ffce97f2d992  curl-7.11.1-1.1.legacy.src.rpm
8bbbd1612af436a2182984e853e034efce9510c0  curl-devel-7.11.1-1.1.legacy.i386.rpm

fc2 Source:
http://www.infostrategique.com/linuxrpms/legacy/2/curl-7.11.1-1.1.legacy.src.rpm
fc2 Binaries:
http://www.infostrategique.com/linuxrpms/legacy/2/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCrFIoLMAs/0C4zNoRAnyIAJ0cElyL3sr36LD2hdAr/VOQdxZWVQCglG8F
Kp7qivBD81q2QUtmOtm77GY=
=PB0C
-----END PGP SIGNATURE-----


Comment 5 Pekka Savola 2005-06-17 06:44:44 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA w/ rpm-build-compare.sh:
 - source integrity good
 - spec file changes minimal
 - patches for FC1/FC2 match RHEL3, patches for RHL73/RHL9 match RHEL21
   (main difference is that the former has http_ntlm.c patches while
    the latter doesn't, but I checked that 7.9.x doesn't have http_ntlm.c
    at all.)
 
+PUBLISH RHL73, RHL9, FC1, FC2
 
d413b0fa8ded740dc416c34cead8e14dc3a9ef4d  curl-7.10.6-7.1.legacy.src.rpm
13e69949706b828fd083e2480cc7ffce97f2d992  curl-7.11.1-1.1.legacy.src.rpm
aa5730704716228e01a4704fba54f905bc164fd7  curl-7.9.5-2.1.legacy.src.rpm
6aca4afb76aa74cde6eca72ec946b494dbc1321c  curl-7.9.8-5.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFCsnE+GHbTkzxSL7QRAt/VAKCvkA/rW5BRyHCWIZGpFbYt/G4DygCgg+QK
7wYXfE3M0H1rZLbWpcdybF8=
=2qNA
-----END PGP SIGNATURE-----


Comment 6 Marc Deslauriers 2005-06-20 10:43:10 UTC
Packages were pushed to updates-testing

Comment 7 Pekka Savola 2005-06-29 12:46:31 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Quick test on RHL9 and RHL73.  Used 'curl' to fetch a couple of web pages,
no problems.
 
+VERIFY RHL9, RHL73
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFCwpgIGHbTkzxSL7QRAkChAKCKxFngCCTGUQw26Ib8LINNuKRKSQCg2JKN
kcW+tQIQYYtG7Po+9m4gFOI=
=wbC8
-----END PGP SIGNATURE-----


Comment 8 Eric Jon Rostetter 2005-06-30 18:09:45 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
                                                                                
++VERIFY for RHL 9
                                                                                
Packages:
curl-7.9.8-5.2.legacy.i386.rpm
curl-devel-7.9.8-5.2.legacy.i386.rpm
                                                                                
SHA1 checksums all match test update advisory.  Signatures verify okay.
                                                                                
Installed on a desktop machine I use everyday for hours on end.
Installed without issues.  Used it for 2 days without problem.
Did not do any actual testing of it directly, just noted that it installed
and after 2 days I saw no problems.  All seems good.
 
Vote for release for RHL 9. ++VERIFY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
 
iD8DBQFCxDUX4jZRbknHoPIRAkyHAJsGclcrC0fMbWNYSLQDZ+ZeLQJUAwCeNs/f
SDINhWzdChUsVxE9fH/+UQk=
=ZTNW
-----END PGP SIGNATURE-----


Comment 9 Jim Popovitch 2005-07-10 22:48:01 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

++VERIFY RHL 7.3

8032bf94d434873de3f02100fd8eb36b206cba02  curl-7.9.5-2.2.legacy.i386.rpm

Runs fine on test and production (scripts) systems.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC0aXNMyG7U7lo69MRArV7AJ4lL+cje6LARMrnut3e0erxm8uQ3QCgtjiF
/ahz+8Rjt0SqhEHpUHj9KlU=
=bIPm
-----END PGP SIGNATURE-----


Comment 10 Pekka Savola 2005-07-14 07:09:26 UTC
Timeout over.

Comment 11 Marc Deslauriers 2005-07-16 02:10:36 UTC
Packages were released to updates.

