JVN/CVE Demo: Cveinfos

CVE

Id: 14391
CVE No.: CVE-2005-3185
Status: Candidate
Description: Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
Phase: Assigned (20051012)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
107404	14391	CVE-2005-3185	IDEFENSE:20051013 Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability	View
107405	14391	CVE-2005-3185	URL:http://www.idefense.com/application/poi/display?id=322&type=vulnerabilities	View
107406	14391	CVE-2005-3185	APPLE:APPLE-SA-2005-11-29	View
107407	14391	CVE-2005-3185	URL:http://docs.info.apple.com/article.html?artnum=302847	View
107408	14391	CVE-2005-3185	DEBIAN:DSA-919	View
107409	14391	CVE-2005-3185	URL:http://www.debian.org/security/2005/dsa-919	View
107410	14391	CVE-2005-3185	FEDORA:FEDORA-2005-1000	View
107411	14391	CVE-2005-3185	URL:http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html	View
107412	14391	CVE-2005-3185	FEDORA:FEDORA-2005-1129	View
107413	14391	CVE-2005-3185	URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html	View
107414	14391	CVE-2005-3185	GENTOO:GLSA-200510-19	View
107415	14391	CVE-2005-3185	URL:http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml	View
107416	14391	CVE-2005-3185	MANDRIVA:MDKSA-2005:182	View
107417	14391	CVE-2005-3185	URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:182	View
107418	14391	CVE-2005-3185	REDHAT:RHSA-2005:807	View
107419	14391	CVE-2005-3185	URL:http://www.redhat.com/support/errata/RHSA-2005-807.html	View
107420	14391	CVE-2005-3185	REDHAT:RHSA-2005:812	View
107421	14391	CVE-2005-3185	URL:http://www.redhat.com/support/errata/RHSA-2005-812.html	View
107422	14391	CVE-2005-3185	SCO:SCOSA-2006.10	View
107423	14391	CVE-2005-3185	URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt	View
107424	14391	CVE-2005-3185	SLACKWARE:SSA:2005-310-01	View
107425	14391	CVE-2005-3185	URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.519010	View
107426	14391	CVE-2005-3185	SUSE:SUSE-SA:2005:063	View
107427	14391	CVE-2005-3185	URL:http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html	View
107428	14391	CVE-2005-3185	TRUSTIX:TSLSA-2005-0059	View
107429	14391	CVE-2005-3185	URL:http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html	View
107430	14391	CVE-2005-3185	UBUNTU:USN-205-1	View
107431	14391	CVE-2005-3185	URL:http://www.ubuntulinux.org/support/documentation/usn/usn-205-1	View
107432	14391	CVE-2005-3185	BID:15102	View
107433	14391	CVE-2005-3185	URL:http://www.securityfocus.com/bid/15102	View
107434	14391	CVE-2005-3185	BID:15647	View
107435	14391	CVE-2005-3185	URL:http://www.securityfocus.com/bid/15647	View
107436	14391	CVE-2005-3185	OVAL:oval:org.mitre.oval:def:9810	View
107437	14391	CVE-2005-3185	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9810	View
107438	14391	CVE-2005-3185	VUPEN:ADV-2005-2125	View
107439	14391	CVE-2005-3185	URL:http://www.vupen.com/english/advisories/2005/2125	View
107440	14391	CVE-2005-3185	VUPEN:ADV-2005-2088	View
107441	14391	CVE-2005-3185	URL:http://www.vupen.com/english/advisories/2005/2088	View
107442	14391	CVE-2005-3185	VUPEN:ADV-2005-2659	View
107443	14391	CVE-2005-3185	URL:http://www.vupen.com/english/advisories/2005/2659	View
107444	14391	CVE-2005-3185	OSVDB:20011	View
107445	14391	CVE-2005-3185	URL:http://www.osvdb.org/20011	View
107446	14391	CVE-2005-3185	SECTRACK:1015056	View
107447	14391	CVE-2005-3185	URL:http://securitytracker.com/id?1015056	View
107448	14391	CVE-2005-3185	SECTRACK:1015057	View
107449	14391	CVE-2005-3185	URL:http://securitytracker.com/id?1015057	View
107450	14391	CVE-2005-3185	SECUNIA:17192	View
107451	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17192	View
107452	14391	CVE-2005-3185	SECUNIA:17400	View
107453	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17400	View
107454	14391	CVE-2005-3185	SECUNIA:17403	View
107455	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17403	View
107456	14391	CVE-2005-3185	SECUNIA:17813	View
107457	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17813	View
107458	14391	CVE-2005-3185	SECUNIA:17193	View
107459	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17193	View
107460	14391	CVE-2005-3185	SECUNIA:17247	View
107461	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17247	View
107462	14391	CVE-2005-3185	SECUNIA:17320	View
107463	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17320	View
107464	14391	CVE-2005-3185	SECUNIA:17297	View
107465	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17297	View
107466	14391	CVE-2005-3185	SECUNIA:17208	View
107467	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17208	View
107468	14391	CVE-2005-3185	SECUNIA:17485	View
107469	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17485	View
107470	14391	CVE-2005-3185	SECUNIA:17965	View
107471	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17965	View
107472	14391	CVE-2005-3185	SECUNIA:19193	View
107473	14391	CVE-2005-3185	URL:http://secunia.com/advisories/19193	View
107474	14391	CVE-2005-3185	SECUNIA:17203	View
107475	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17203	View
107476	14391	CVE-2005-3185	SECUNIA:17228	View
107477	14391	CVE-2005-3185	URL:http://secunia.com/advisories/17228	View
107478	14391	CVE-2005-3185	SREASON:82	View
107479	14391	CVE-2005-3185	URL:http://securityreason.com/securityalert/82	View
107480	14391	CVE-2005-3185	XF:wget-curl-ntlm-username-bo(22721)	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.38 MB
View render complete	2.90 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	3.00
Event: Controller.initialize	0.03
Event: Controller.startup	0.07
Controller action	452.35
Event: Controller.beforeRender	8.45
» Processing toolbar data	8.34
Rendering View	23.74
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	22.69
» Event: View.afterRender	0.03
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.58
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.10
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/14391
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/14391
Remote Port	51565
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.31
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.228.43
Http Via	1.1 squid-proxy-5b5d847c96-42g69 (squid/6.13)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.31
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.31
Unique Id	aORxeiC_rYjBtAan53uppwAAAK0
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.31
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.31
Redirect Unique Id	aORxeiC_rYjBtAan53uppwAAAK0
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.31
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.31
Redirect Redirect Unique Id	aORxeiC_rYjBtAan53uppwAAAK0
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1759801722.9175
Request Time	1759801722

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files