The NTLM authentication code in wget was derived form the libcurl NTLM auth, so wget is vulnerable to this issue. This text was scavanged from the libcurl advisory: libcurl's NTLM function can overflow a stack-based buffer if given a too long user name or domain name. This would happen if you enable NTLM authentication and either: A - pass in a user name and domain name to libcurl that together are longer than 192 bytes B - allow (lib)curl to follow HTTP "redirects" (Location: and the appropriate HTTP 30x response code) and the new URL contains a URL with a user name and domain name that together are longer than 192 bytes
Created attachment 119931 [details] Proposed patch from upstream
This issue also affects RHEL2.1 and RHEL3
RHSA-2005:812
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-812.html