Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability

Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability

Solution:
An updated version of GNU wget is available.

A security advisory and a patch for cURL have been released.

Please see the referenced vendor advisories for more information.

GNU wget 1.10

GNU wget-1.10.2.tar.gz
http://ftp.gnu.org/pub/gnu/wget/wget-1.10.2.tar.gz

Mandriva wget-1.10-1.1.20060mdk.i586.rpm
Mandrivalinux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva wget-1.10-1.1.20060mdk.x86_64.rpm
Mandrivalinux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

GNU wget 1.10.1

SUSE wget-1.10.1-2.2.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/wget-1.10.1-2.2. i586.rpm

SUSE wget-1.10.1-2.2.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/wget-1.10.1-2.2.p pc.rpm

SUSE wget-1.10.1-2.2.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/wget-1.10.1-2. 2.x86_64.rpm

Conectiva Linux 10.0

Conectiva curl-7.11.1-53435U10_2cl.i386.rpm
Version:10
ftp://atualizacoes.conectiva.com.br/10/RPMS/curl-7.11.1-53435U10_2cl.i 386.rpm

Conectiva libcurl-devel-7.11.1-53435U10_2cl.i386.rpm
Version:10
ftp://atualizacoes.conectiva.com.br/10/RPMS/libcurl-devel-7.11.1-53435 U10_2cl.i386.rpm

Conectiva libcurl-devel-static-7.11.1-53435U10_2cl.i386.rpm
Version:10
ftp://atualizacoes.conectiva.com.br/10/RPMS/libcurl-devel-7.11.1-53435 U10_2cl.i386.rpm

Conectiva libcurl2-7.11.1-53435U10_2cl.i386.rpm
Version:10
ftp://atualizacoes.conectiva.com.br/10/RPMS/libcurl-devel-7.11.1-53435 U10_2cl.i386.rpm

Apple Mac OS X Server 10.4

Apple SecUpdSrvr2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08839&cat= 1&platform=osx&method=sa/SecUpdSrvr2005-009Ti.dmg

Apple Mac OS X Server 10.4.1

Apple SecUpdSrvr2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08839&cat= 1&platform=osx&method=sa/SecUpdSrvr2005-009Ti.dmg

Apple Mac OS X 10.4.2

Apple SecUpd2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08835&cat= 1&platform=osx&method=sa/SecUpd2005-009Ti.dmg

Apple Mac OS X Server 10.4.3

Apple SecUpdSrvr2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08839&cat= 1&platform=osx&method=sa/SecUpdSrvr2005-009Ti.dmg

Apple Mac OS X 10.4.3

Apple SecUpd2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08835&cat= 1&platform=osx&method=sa/SecUpd2005-009Ti.dmg

SCO Open Server 5.0.6

SCO gwxlibs210Ba_vol.tar
ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/

SCO Open Server 6.0

SCO osr600mp2.iso
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso

Daniel Stenberg curl 7.10.7

Daniel Stenberg libcurl-ntlmbuf.patch
http://curl.haxx.se/libcurl-ntlmbuf.patch

Slackware curl-7.10.7-i486-2.tgz
Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/c url-7.10.7-i486-2.tgz

Daniel Stenberg curl 7.10.8

Daniel Stenberg libcurl-ntlmbuf.patch
http://curl.haxx.se/libcurl-ntlmbuf.patch

Daniel Stenberg curl 7.11.2

Daniel Stenberg libcurl-ntlmbuf.patch
http://curl.haxx.se/libcurl-ntlmbuf.patch

Daniel Stenberg curl 7.12.2

Daniel Stenberg libcurl-ntlmbuf.patch
http://curl.haxx.se/libcurl-ntlmbuf.patch

Slackware curl-7.12.2-i486-2.tgz
Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ curl-7.12.2-i486-2.tgz

Slackware curl-7.12.2-i486-2.tgz
Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ curl-7.12.2-i486-2.tgz

Daniel Stenberg curl 7.13

Daniel Stenberg libcurl-ntlmbuf.patch
http://curl.haxx.se/libcurl-ntlmbuf.patch

SUSE curl-7.13.0-5.2.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/curl-7.13.0-5.2.i 586.rpm

SUSE wget-1.10-1.3.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/wget-1.10-1.3.i58 6.rpm

Daniel Stenberg curl 7.13.1

Daniel Stenberg libcurl-ntlmbuf.patch
http://curl.haxx.se/libcurl-ntlmbuf.patch

Mandriva curl-7.13.1-2.1.102mdk.i586.rpm
Mandrivalinux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva curl-7.13.1-2.1.102mdk.x86_64.rpm
Mandrivalinux 10.2/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Daniel Stenberg curl 7.14

Mandriva curl-7.14.0-2.1.20060mdk.i586.rpm
Mandrivalinux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva curl-7.14.0-2.1.20060mdk.x86_64.rpm
Mandrivalinux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva lib64curl3-devel-7.14.0-2.1.20060mdk.x86_64.rpm
Mandrivalinux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva libcurl3-7.14.0-2.1.20060mdk.i586.rpm
Mandrivalinux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva libcurl3-devel-7.14.0-2.1.20060mdk.i586.rpm
Mandrivalinux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3

SUSE curl-32bit-7.14.0-2.2.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/curl-32bit-7.1 4.0-2.2.x86_64.rpm

SUSE curl-32bit-9.3-7.1.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/curl-32bit-9.3- 7.1.x86_64.rpm

SUSE curl-7.14.0-2.2.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/curl-7.14.0-2.2. i586.rpm

SUSE curl-7.14.0-2.2.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/curl-7.14.0-2.2.p pc.rpm

SUSE curl-7.14.0-2.2.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/curl-7.14.0-2. 2.x86_64.rpm

Ubuntu curl_7.14.0-2ubuntu1.1_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.14.0-2ubuntu 1.1_amd64.deb

Ubuntu curl_7.14.0-2ubuntu1.1_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.14.0-2ubuntu 1.1_i386.deb

Ubuntu curl_7.14.0-2ubuntu1.1_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.14.0-2ubuntu 1.1_powerpc.deb

Ubuntu libcurl3-dbg_7.14.0-2ubuntu1.1_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.14.0 -2ubuntu1.1_amd64.deb

Ubuntu libcurl3-dbg_7.14.0-2ubuntu1.1_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.14.0 -2ubuntu1.1_i386.deb

Ubuntu libcurl3-dbg_7.14.0-2ubuntu1.1_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.14.0 -2ubuntu1.1_i386.deb

Ubuntu libcurl3-dbg_7.14.0-2ubuntu1.1_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.14.0 -2ubuntu1.1_powerpc.deb

Ubuntu libcurl3-dev_7.14.0-2ubuntu1.1_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dev_7.14.0 -2ubuntu1.1_amd64.deb

Ubuntu libcurl3-dev_7.14.0-2ubuntu1.1_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dev_7.14.0 -2ubuntu1.1_i386.deb

Ubuntu libcurl3-dev_7.14.0-2ubuntu1.1_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dev_7.14.0 -2ubuntu1.1_powerpc.deb

Ubuntu libcurl3-gssapi_7.14.0-2ubuntu1.1_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/universe/c/curl/libcurl3-gssapi _7.14.0-2ubuntu1.1_powerpc.deb

Ubuntu libcurl3_7.14.0-2ubuntu1.1_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.14.0-2ub untu1.1_amd64.deb

Ubuntu libcurl3_7.14.0-2ubuntu1.1_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.14.0-2ub untu1.1_i386.deb

Ubuntu libcurl3_7.14.0-2ubuntu1.1_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.14.0-2ub untu1.1_powerpc.deb

Ubuntu wget_1.10-2ubuntu0.1_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10-2ubuntu0. 1_amd64.deb