Ubuntu Security Notice USN-86-1
28th February, 2005
curl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
infamous41md discovered a buffer overflow in cURL's NT LAN Manager
(NTLM) authentication handling. By sending a specially crafted long
NTLM reply packet, a remote attacker could overflow the reply buffer.
This could lead to execution of arbitrary attacker specified code with
the privileges of the application using the cURL library.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- libcurl2
- libcurl2-gssapi
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None