Red Hat Bugzilla – Bug 152917
CAN-2005-0490 curl buffer overflow
Last modified: 2007-04-18 13:22:29 EDT
"infamous41md" discovered a buffer overflow vulnerability in libcurl's NTLM authorization base64 decoding. This could allow a remote attacker using a prepared remote server to execute arbitrary code as the user running curl. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities ------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:32 ------- This bug previously known as bug 2448 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2448 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
https://rhn.redhat.com/errata/RHSA-2005-340.html
An initial version of patched sources for RH7.3 is currently available as ftp://ftp.harddata.com/pub/Legacy_srpms/curl-7.9.8-6.7x.hd.src.rpm
*** Bug 149323 has been marked as a duplicate of this bug. ***
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated packages to QA: Changelog: * Sun Jun 12 2005 Marc Deslauriers <marcdeslauriers@videotron.ca> 7.9.5-2.1.legacy - - Added patch for CAN-2005-0490 Multiple stack based buffer overflows in curl rh73: c26cf61853e0968181720cd4cdcaf569b32602ce curl-7.9.5-2.1.legacy.i386.rpm aa5730704716228e01a4704fba54f905bc164fd7 curl-7.9.5-2.1.legacy.src.rpm 4d4e771bf64f474111d52e8712afea37673508d1 curl-devel-7.9.5-2.1.legacy.i386.rpm 7.3 Source: http://www.infostrategique.com/linuxrpms/legacy/7.3/curl-7.9.5-2.1.legacy.src.rpm 7.3 Binaries: http://www.infostrategique.com/linuxrpms/legacy/7.3/ rh9: 724ffcc363b9be1e148cec79d6d03c0861cf5e94 curl-7.9.8-5.1.legacy.i386.rpm 6aca4afb76aa74cde6eca72ec946b494dbc1321c curl-7.9.8-5.1.legacy.src.rpm a52c5f2d245bc6e7ca463f0fcf2ee6aca7fba1b7 curl-devel-7.9.8-5.1.legacy.i386.rpm 9 Source: http://www.infostrategique.com/linuxrpms/legacy/9/curl-7.9.8-5.1.legacy.src.rpm 9 Binaries: http://www.infostrategique.com/linuxrpms/legacy/9/ fc1: d3ca92ade642ff9b7836c42c6fe30fd8943d75b8 curl-7.10.6-7.1.legacy.i386.rpm d413b0fa8ded740dc416c34cead8e14dc3a9ef4d curl-7.10.6-7.1.legacy.src.rpm e5ca1d9b95986c52b3d7a8ec322d4bc0e61a0ca0 curl-devel-7.10.6-7.1.legacy.i386.rpm fc1 Source: http://www.infostrategique.com/linuxrpms/legacy/1/curl-7.10.6-7.1.legacy.src.rpm fc1 Binaries: http://www.infostrategique.com/linuxrpms/legacy/1/ fc2: cfe177740dcbd64a025dccca3fc249122c359b9a curl-7.11.1-1.1.legacy.i386.rpm 13e69949706b828fd083e2480cc7ffce97f2d992 curl-7.11.1-1.1.legacy.src.rpm 8bbbd1612af436a2182984e853e034efce9510c0 curl-devel-7.11.1-1.1.legacy.i386.rpm fc2 Source: http://www.infostrategique.com/linuxrpms/legacy/2/curl-7.11.1-1.1.legacy.src.rpm fc2 Binaries: http://www.infostrategique.com/linuxrpms/legacy/2/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCrFIoLMAs/0C4zNoRAnyIAJ0cElyL3sr36LD2hdAr/VOQdxZWVQCglG8F Kp7qivBD81q2QUtmOtm77GY= =PB0C -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA w/ rpm-build-compare.sh: - source integrity good - spec file changes minimal - patches for FC1/FC2 match RHEL3, patches for RHL73/RHL9 match RHEL21 (main difference is that the former has http_ntlm.c patches while the latter doesn't, but I checked that 7.9.x doesn't have http_htlm.c at all.) +PUBLISH RHL73, RHL9, FC1, FC2 d413b0fa8ded740dc416c34cead8e14dc3a9ef4d curl-7.10.6-7.1.legacy.src.rpm 13e69949706b828fd083e2480cc7ffce97f2d992 curl-7.11.1-1.1.legacy.src.rpm aa5730704716228e01a4704fba54f905bc164fd7 curl-7.9.5-2.1.legacy.src.rpm 6aca4afb76aa74cde6eca72ec946b494dbc1321c curl-7.9.8-5.1.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCsnE+GHbTkzxSL7QRAt/VAKCvkA/rW5BRyHCWIZGpFbYt/G4DygCgg+QK 7wYXfE3M0H1rZLbWpcdybF8= =2qNA -----END PGP SIGNATURE-----
Packages were pushed to updates-testing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Quick test on RHL9 and RHL73. Used 'curl' to fetch a couple of web pages, no problems. +VERIFY RHL9, RHL73 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCwpgIGHbTkzxSL7QRAkChAKCKxFngCCTGUQw26Ib8LINNuKRKSQCg2JKN kcW+tQIQYYtG7Po+9m4gFOI= =wbC8 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ++VERIFY for RHL 9 Packages: curl-7.9.8-5.2.legacy.i386.rpm curl-devel-7.9.8-5.2.legacy.i386.rpm SHA1 checksums all match test update advisory. Signatures verify okay. Installed on a desktop machine I use everyday for hours on end. Installed without issues. Used it for 2 days without problem. Did not do any actual testing of it directly, just noted that it installed and after 2 days I saw no problems. All seems good. Vote for release for RHL 9. ++VERIFY -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCxDUX4jZRbknHoPIRAkyHAJsGclcrC0fMbWNYSLQDZ+ZeLQJUAwCeNs/f SDINhWzdChUsVxE9fH/+UQk= =ZTNW -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ++VERIFY RHL 7.3 8032bf94d434873de3f02100fd8eb36b206cba02 curl-7.9.5-2.2.legacy.i386.rpm Runs fine on test and production (scripts) systems. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC0aXNMyG7U7lo69MRArV7AJ4lL+cje6LARMrnut3e0erxm8uQ3QCgtjiF /ahz+8Rjt0SqhEHpUHj9KlU= =bIPm -----END PGP SIGNATURE-----
Timeout over.
Packages were released to updates.