Thc Hydra
Monthly
Remote code execution in THC Hydra through 9.7 allows a malicious or attacker-controlled server to compromise the machine running the Hydra brute-force client during NTLM authentication. When Hydra connects to such a server across its SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, or HTTP-Proxy-Urlenum modules, a crafted NTLM Type-2 challenge with an overlong domain string causes the base64-encoded response to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling code execution on hosts lacking stack protection. No public exploit identified at time of analysis, but a vendor patch (commit 9cc84c2) is available, and the issue inverts the usual threat model - the operator of the offensive tool becomes the victim.
Remote code execution in THC Hydra through 9.7 allows a malicious or attacker-controlled server to compromise the machine running the Hydra brute-force client during NTLM authentication. When Hydra connects to such a server across its SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, or HTTP-Proxy-Urlenum modules, a crafted NTLM Type-2 challenge with an overlong domain string causes the base64-encoded response to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling code execution on hosts lacking stack protection. No public exploit identified at time of analysis, but a vendor patch (commit 9cc84c2) is available, and the issue inverts the usual threat model - the operator of the offensive tool becomes the victim.