Описание
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
A flaw was found in the libntlm NTLM library where it was vulnerable to a buffer overflow in the buildSmbNtlmAuthRequest_userlen() function. If an application using this library does not check input length before calling the function, an attacker could use this flaw to send a specially crafted request that could crash the application, or possibly trigger code execution.
Отчет
The vulnerability is rated Medium because no package in Red Hat Enterprise Linux versions 6 and 7 is using Libntlm. Most 3rd party applications using Libntlm are command line clients and would be affected via a command line option or a configuration file, which are local vectors.
Меры по смягчению последствий
The calling application must verify that the input username and domain fit in the 1024 byte buffer.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libntlm | Will not fix | ||
| Red Hat Enterprise Linux 7 | libntlm | Affected | ||
| Red Hat Satellite 5 | libntlm | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequ ...
EPSS
8.1 High
CVSS3