Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:SRVRSP:AUTH-RESP-OF

Severity

 Low

Recommended

 No

Category

 HTTP

Keywords

 Large Authentication Response

Release Date

 2005/03/15

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Large Authentication Response


This signature detects overly long NTLM authentication responses. A malicious server can respond with a large HTTP header to overflow client-side buffers. Several versions of cURL are vulnerable to this type of attack. A successful attack can allow code execution.

Extended Description

It has been reported that cURL and libcURL are vulnerable to a remotely exploitable stack-based buffer overflow vulnerability. The cURL and libcURL NTML response processing code fails to ensure that a buffer overflow cannot occur when response data is decoded. The overflow occurs in the stack region, and remote code execution is possible if the saved instruction pointer is overwritten with a pointer to embedded instructions.

Affected Products

  • ALT Linux ALT Linux Compact 2.3.0
  • ALT Linux ALT Linux Junior 2.3.0
  • Daniel Stenberg curl 6.5.1
  • Daniel Stenberg curl 6.5.2
  • Daniel Stenberg curl 7.1.0
  • Daniel Stenberg curl 7.10.1
  • Daniel Stenberg curl 7.10.3
  • Daniel Stenberg curl 7.10.4
  • Daniel Stenberg curl 7.10.5
  • Daniel Stenberg curl 7.10.6
  • Daniel Stenberg curl 7.10.7
  • Daniel Stenberg curl 7.10.8
  • Daniel Stenberg curl 7.1.1
  • Daniel Stenberg curl 7.11.0
  • Daniel Stenberg curl 7.11.1
  • Daniel Stenberg curl 7.11.2
  • Daniel Stenberg curl 7.12.0
  • Daniel Stenberg curl 7.12.1
  • Daniel Stenberg curl 7.12.2
  • Daniel Stenberg curl 7.12.3
  • Daniel Stenberg curl 7.13.0
  • Daniel Stenberg curl 7.2.0
  • Daniel Stenberg curl 7.2.1
  • Daniel Stenberg curl 7.3.0
  • Daniel Stenberg curl 7.4.0
  • Daniel Stenberg curl 7.4.1
  • Daniel Stenberg curl 7.8.2
  • F5 3-DNS 4.2.0
  • F5 3-DNS 4.3.0
  • F5 3-DNS 4.4.0
  • F5 3-DNS 4.5.0
  • F5 3-DNS 4.5.11
  • F5 3-DNS 4.5.12
  • F5 3-DNS 4.6.0
  • F5 3-DNS 4.6.2
  • F5 BigIP 4.0.0
  • F5 BigIP 4.2.0
  • F5 BigIP 4.3.0
  • F5 BigIP 4.4.0
  • F5 BigIP 4.5.0
  • F5 BigIP 4.5.10
  • F5 BigIP 4.5.11
  • F5 BigIP 4.5.12
  • F5 BigIP 4.5.6
  • F5 BigIP 4.5.9
  • F5 BigIP 4.6.0
  • F5 BigIP 4.6.2
  • Gentoo Linux
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Linux Mandrake 10.0.0
  • Mandriva Linux Mandrake 10.0.0 amd64
  • Mandriva Linux Mandrake 10.1.0
  • Mandriva Linux Mandrake 10.1.0 X86 64
  • SGI ProPack 3.0.0
  • SuSE Linux 8.0.0
  • SuSE Linux 8.0.0 i386
  • SuSE Linux 8.1.0
  • SuSE Linux Desktop 1.0.0
  • SuSE Linux Personal 8.2.0
  • SuSE Linux Personal 9.0.0
  • SuSE Linux Personal 9.0.0 X86 64
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 X86 64
  • SuSE SUSE Linux Enterprise Server 9

References

  • BugTraq: 12615
  • CVE: CVE-2005-0490
  • URL: http://curl.haxx.se/
  • URL: http://www.securitytracker.com/alerts/2005/Feb/1013253.html
  • URL: http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities&flashstatus=true

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out