CVE-2005-3185

Name of the Vulnerable Software and Affected Versions wget version 1.10 curl versions prior to 7.15.0 libcurl versions prior to 7.15.0

Description The issue is related to a stack-based buffer overflow in the ntlm output function when NTLM authentication is enabled, allowing remote servers to execute arbitrary code via a long NTLM username. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For wget version 1.10, update to a version that fixes the NTLM authentication issue. For curl versions prior to 7.15.0, update to version 7.15.0 or later to fix the buffer overflow vulnerability. For libcurl versions prior to 7.15.0, update to version 7.15.0 or later to fix the buffer overflow vulnerability. As a temporary workaround, consider disabling NTLM authentication until a patch is available. Avoid using username and domain name combinations longer than 192 bytes when NTLM authentication is enabled.