curl -- authentication buffer overflow vulnerability.

Frank J. Laszlo laszlof at tvog.net
Tue Mar 1 23:16:01 GMT 2005


Simon L. Nielsen wrote:

>On 2005.03.01 16:46:22 -0500, daniel quinn wrote:
>
>>Affected package: curl-7.12.3_2
>>Type of problem: curl -- authentication buffer overflow vulnerability.
>>Reference:
>><http://www.FreeBSD.org/ports/portaudit/96df5fd0-8900-11d9-aa18-0001020eed82.html>
>>
>[...]
>
>>curl's website tells me that version 7.13.1 is available, so I'm thinking
>>this is isolated to FreeBSD.
>
>The issue is present on all operating systems which ship curl, not
>just FreeBSD.  The latest version I can find is 7.13.0 which does not
>have the issues fixed yet.

Actually, the latest "FreeBSD" version is still 7.12.3. How that is any
different from the others I have no idea. That's probably the last
version tested on FreeBSD. (After further reading it appears that the
version reflected there is in direct relation to the version in ports.)
Also note that the vulnerability only exists if you are using NTLM
authentication. There is likely a way to disable this behavior if it is
not being used. Hope this helps.

Regards,
    Frank Laszlo

