#include "_doctype.html" #define FLAWNAME Kerberos Authentication Buffer Overflow cURL - FLAWNAME #include "css.t" #include "manpage.t" #define CURL_DOCS #define CURL_URL docs/adv_20050221A.html #include "_menu.html" #include "setup.t" WHERE3(Docs, "/docs/", Security, "/docs/security.html", FLAWNAME) TITLE(FLAWNAME) #include "adv-related-box.inc" SUBTITLE(Kerberos Authentication Buffer Overflow)

Date:February 21, 2005
IDBID 12616 CAN-2005-0490
Affected versions7.3 to and including 7.13.0
Not affected versions7.13.1 and later
AdvisoriesiDEFENSE's advisory

Due to bad usage of the base64 decode function to a stack-based buffer without checking the data length, it was possible for a malicious FTP server to overflow the client during krb4 negotiation. I don't know of any single user that uses krb4-ftp and I'm not even sure it still works 100%. The announcement was done without contacting us. #include "_footer.html"