| Description: | Summary:
The remote host is missing an update for the 'curl/wget' package(s) announced via the SSA:2005-310-01 advisory.
Vulnerability Insight:
New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2,
and -current, and new wget packages are available for Slackware 8.1,
9.0, 9.1, 10.0, 10.1, 10.2, and -current. These address a buffer
overflow in NTLM handling which may present a security problem, though
no public exploits are known at this time.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
[link moved to references]
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.12.2-i486-2.tgz: Patched. This addresses a buffer
overflow in libcurl's NTLM function that could have possible security
implications.
For more details, see:
[links moved to references]
(* Security fix *)
patches/packages/wget-1.10.2-i486-1.tgz: Upgraded to wget-1.10.2.
This addresses a buffer overflow in wget's NTLM handling function that could
have possible security implications.
For more details, see:
[link moved to references]
(* Security fix *)
+--------------------------+
Affected Software/OS:
'curl/wget' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware current.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
