First published: Fri Feb 27 2009
It was discovered that camel's NTLM SASL authentication mechanism did not properly validate the server's challenge packets (NTLM authentication type 2 packets, [1]). In ntlm_challenge() in camel/camel-sasl-ntlm.c, the length of the domain string copied from the type 2 packet into the type 3 packet (the client's reply to the server's challenge) was not properly validated against the rest of the data received from the server.

```c
ntlm_set_string (ret, NTLM_RESPONSE_DOMAIN_OFFSET,
                 token->data + NTLM_CHALLENGE_DOMAIN_OFFSET,
                 atoi (token->data + NTLM_CHALLENGE_DOMAIN_LEN_OFFSET));
```

A server could specify a larger length than the actual data sent in the packet, causing the client to disclose a portion of its memory, or crash.

Note: the length value was also not extracted from the packet correctly, as it is not passed as a string but as a 16-bit LE value.

[1] http://curl.haxx.se/rfc/ntlm.html#theType2Message
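A bounds-checked way to read the domain from a type 2 packet, as an added example (not the project's code or its actual fix). The function names, constants and the sample token are this example's assumptions; field positions follow the Type 2 layout in [1].

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Type 2 layout from the NTLM reference [1]: 0..7 "NTLMSSP\0", 8..11 type (2),
 * 12..19 target-name security buffer (u16 length, u16 allocated, u32 offset,
 * little-endian), 24..31 challenge. Names below are this example's own. */
#define T2_SECBUF  12
#define T2_MIN_LEN 32

static uint16_t rd_le16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd_le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 and points *dom at the domain bytes only when the whole buffer
 * lies inside the tok_len bytes actually received; returns -1 otherwise. */
int type2_domain(const unsigned char *tok, size_t tok_len,
                 const unsigned char **dom, size_t *dom_len)
{
    if (tok_len < T2_MIN_LEN || memcmp(tok, "NTLMSSP", 8) != 0 || rd_le32(tok + 8) != 2)
        return -1;
    uint16_t len = rd_le16(tok + T2_SECBUF);      /* binary LE field, not a decimal string */
    uint32_t off = rd_le32(tok + T2_SECBUF + 4);
    /* Subtract rather than add so a huge offset cannot wrap the sum. */
    if (off > tok_len || len > tok_len - off)
        return -1;
    *dom = tok + off;
    *dom_len = len;
    return 0;
}

/* Constructed sample: 32-byte header plus a 6-byte domain; claimed_len is caller-chosen. */
size_t make_type2(unsigned char out[38], uint16_t claimed_len)
{
    memset(out, 0, 38);
    memcpy(out, "NTLMSSP", 8);                    /* literal includes the trailing NUL */
    out[8] = 2;                                   /* message type */
    out[12] = (unsigned char)(claimed_len & 0xff);
    out[13] = (unsigned char)(claimed_len >> 8);
    out[16] = 32;                                 /* domain bytes start after the header */
    memcpy(out + 32, "DOMAIN", 6);
    return 38;
}

int main(void)
{
    unsigned char t[38]; const unsigned char *d; size_t n;
    make_type2(t, 6);    printf("honest length: %d\n", type2_domain(t, 38, &d, &n));
    make_type2(t, 4096); printf("oversized length: %d\n", type2_domain(t, 38, &d, &n));
}
```
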
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Build of Apache Camel | | |
The severity of REDHAT-BUG-487685 is considered critical due to the improper validation of NTLM SASL authentication challenge packets.
To fix REDHAT-BUG-487685, update Apache Camel to the latest version that addresses this vulnerability.
REDHAT-BUG-487685 affects systems using the Apache Camel NTLM SASL authentication mechanism.
REDHAT-BUG-487685 is an authentication vulnerability related to improper validation of challenge packets.
Yes, REDHAT-BUG-487685 is potentially exploitable remotely due to the nature of the NTLM authentication process.