cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

two buffer overflows

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Tue, 22 Feb 2005 12:47:15 +0100 (CET)

Just wanted to let you know about these two buffer overflows that were
announced publicly today. (We were not notified in advance.)

One of them concerns NTLM and the other krb4 ftp. Both can do bad stuff if
talking to a malicious server.

http://www.idefense.com/application/poi/display?id=202
http://www.idefense.com/application/poi/display?id=203

The issue has been posted to bugtraq and numerous security-related lists and
forums, so I expect a working "exploit" or "proof of concept" might show up.

There's a CAN number assigned to this (CAN-2005-0490 bundles both problems
with one number) and the NTLM problem is already fixed in CVS:
http://cool.haxx.se/cvs.cgi/curl/lib/http_ntlm.c.diff?r1=1.36&r2=1.37 This
patch should be possible to apply to many different curl versions.

I'm going away on vacation for a week now, but I'll put together a new release
when I get back.

You should be able to download a daily snapshot (starting tomorrow) or build
from a fresh CVS in case applying the diff is not good enough.

-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html

Received on 2005-02-22

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Operation timed out with 0 out of -1 bytes received"
Previous message: Nayeem Syed: "Operation timed out with 0 out of -1 bytes received"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]