Remote Code Execution via NTLM Authentication Stack Buffer Overflow
Summary
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing base64-encoded response data to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling remote code execution on systems without stack protection. A flaw was found in Hydra. A malicious server can exploit a stack buffer overflow vulnerability in the NTLM authentication modules by sending a specially crafted NTLM Type-2 challenge. This can lead to an overflow of a stack buffer, potentially enabling remote code execution on systems that lack stack protection. An important security flaw in the Hydra tool lets a malicious server take control of your computer. For an attack to work, you must be tricked into actively connecting Hydra to the attacker's rigged server. The standard security features built into Red Hat systems act as a safety net, making it very difficult for attackers to actually exploit this issue. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-120. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- Ensure your system's built-in security features are active and up to date. These standard protections automatically look for memory errors, causing the application to safely shut down the moment it receives too much data, completely blocking any harmful commands from running.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.