Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability

GNU wget and cURL are prone to a buffer-overflow vulnerability because the applications fail to properly bounds-check user-supplied data before using it in a memory copy operation.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the user running the vulnerable application.

For an exploit to succeed, NTLM authentication must be enabled in the affected clients.


 

Privacy Statement
Copyright 2010, SecurityFocus