Mandrake Linux Security Advisory : curl (MDKSA-2005:182)
High Nessus Plugin ID 20042
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability in libcurl's NTLM function can overflow a stack-based buffer if given too long a user name or domain name in NTLM authentication is enabled and either a) pass a user and domain name to libcurl that together are longer than 192 bytes or b) allow (lib)curl to follow HTTP redirects and the new URL contains a URL with a user and domain name that together are longer than 192 bytes.
The updated packages have been patched to address this issue.
SolutionUpdate the affected packages.