Two iDEFENSE Security Advisories reports:
An exploitable stack-based buffer overflow condition
exists when using NT Lan Manager (NTLM)
authentication. The problem specifically exists within
Curl_input_ntlm() defined in
lib/http_ntlm.c.
Successful exploitation allows remote attackers to
execute arbitrary code under the privileges of the target
user. Exploitation requires that an attacker either coerce
or force a target to connect to a malicious server using
NTLM authentication.
An exploitable stack-based buffer overflow condition
exists when using Kerberos authentication. The problem
specifically exists within the functions
Curl_krb_kauth() and krb4_auth()
defined in lib/krb4.c.
Successful exploitation allows remote attackers to
execute arbitrary code under the privileges of the target
user. Exploitation requires that an attacker either coerce
or force a target to connect to a malicious server using
Kerberos authentication.