SUSE-SA:2005:011: curl

Medium Nessus Plugin ID 17238


The remote host is missing a vendor-supplied security patch.


The remote host is missing the patch for the advisory SUSE-SA:2005:011 (curl).

[email protected] reported a vulnerability in libcurl, the HTTP/FTP retrieval library. This library is used by lots of programs, including YaST2 and PHP4.

The NTLM authorization in curl had a buffer overflow in the base64 decoding, which allows a remote attacker using a prepared remote server to execute code as the user running curl.

The Kerberos authorization has a similar bug, but is not compiled in on SUSE Linux.

This is tracked by the Mitre CVE ID CVE-2005-0490.


Plugin Details

Severity: Medium

ID: 17238

File Name: suse_SA_2005_011.nasl

Version: $Revision: 1.7 $

Agent: unix

Published: 2005/03/01

Modified: 2016/12/27

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2005-0490