CVE-2019-17455 (backports_sle, debian_linux, fedora, leap, libntlm, ubuntu_linux)

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
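
The bug class described above, a length or offset field trusted against a fixed-size message buffer, can be closed by checking on both the write and the read side. The following is an added example, not libntlm's code: `demo_msg`, `demo_field`, `demo_put`, `demo_get` and the 32-byte buffer size are hypothetical names and values chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DEMO_BUF_SIZE 32   /* constructed size, not libntlm's */

/* Hypothetical message layout: a descriptor pointing into a fixed buffer. */
struct demo_field { uint16_t len; uint32_t offset; };
struct demo_msg {
    struct demo_field domain;
    uint8_t buffer[DEMO_BUF_SIZE];
    size_t used;               /* bytes of buffer already filled */
};

/* Write side: refuse input that does not fit instead of recording a
 * length larger than what was actually stored. Returns 0 on success. */
int demo_put(struct demo_msg *m, struct demo_field *f,
             const void *src, size_t n)
{
    if (n > UINT16_MAX || m->used > DEMO_BUF_SIZE ||
        n > DEMO_BUF_SIZE - m->used)
        return -1;
    memcpy(m->buffer + m->used, src, n);
    f->offset = (uint32_t)m->used;
    f->len = (uint16_t)n;
    m->used += n;
    return 0;
}

/* Read side: treat offset/len as untrusted and check them against the
 * buffer, without integer overflow, before copying. Returns bytes
 * copied, or -1 if the field would read outside the buffer. */
int demo_get(const struct demo_msg *m, const struct demo_field *f,
             void *dst, size_t dst_size)
{
    if (f->offset > DEMO_BUF_SIZE ||
        f->len > DEMO_BUF_SIZE - f->offset ||
        f->len > dst_size)
        return -1;
    memcpy(dst, m->buffer + f->offset, f->len);
    return (int)f->len;
}
```
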
