USN-86-1: cURL vulnerability

28 February 2005

curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

infamous41md discovered a buffer overflow in cURL’s NT LAN Manager (NTLM) authentication handling. By sending a specially crafted long NTLM reply packet, a remote attacker could overflow the reply buffer. This could lead to execution of arbitrary attacker specified code with the privileges of the application using the cURL library.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
libcurl2
libcurl2-gssapi

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References