Curl NTLM Buffer Overflow
High Log Correlation Engine Plugin ID 801390
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionThe remote host is using a version of curl (or libcurl) that is vulnerable to a remote buffer overflows. To exploit, an attacker would have to set up a rogue web server that would reply with a malicious NTLM authentication request. Upon successful exploitation, the attacker would be able to execute arbitrary commands with the rights of the web server.
SolutionUpgrade or patch according to vendor recommendations.