Lucene search
AmazonALAS-2022-1574HistoryMar 10, 2022 - 12:54 a.m.
Important: cyrus-sasl
2022-03-1000:54:00
alas.aws.amazon.com
31
cyrus sasl
sql plugin
remote attacker
arbitrary sql commands
privilege escalation
cve-2022-24407
yum update
packages
red hat
mitre
unix
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
69.2%
Issue Overview:
A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges. (CVE-2022-24407)
Affected Packages:
cyrus-sasl
Issue Correction:
Run yum update cyrus-sasl to update your system.
New Packages:
i686:
cyrus-sasl-ldap-2.1.23-13.17.amzn1.i686
cyrus-sasl-gssapi-2.1.23-13.17.amzn1.i686
cyrus-sasl-md5-2.1.23-13.17.amzn1.i686
cyrus-sasl-debuginfo-2.1.23-13.17.amzn1.i686
cyrus-sasl-ntlm-2.1.23-13.17.amzn1.i686
cyrus-sasl-2.1.23-13.17.amzn1.i686
cyrus-sasl-plain-2.1.23-13.17.amzn1.i686
cyrus-sasl-sql-2.1.23-13.17.amzn1.i686
cyrus-sasl-devel-2.1.23-13.17.amzn1.i686
cyrus-sasl-lib-2.1.23-13.17.amzn1.i686
src:
cyrus-sasl-2.1.23-13.17.amzn1.src
x86_64:
cyrus-sasl-plain-2.1.23-13.17.amzn1.x86_64
cyrus-sasl-lib-2.1.23-13.17.amzn1.x86_64
cyrus-sasl-gssapi-2.1.23-13.17.amzn1.x86_64
cyrus-sasl-devel-2.1.23-13.17.amzn1.x86_64
cyrus-sasl-debuginfo-2.1.23-13.17.amzn1.x86_64
cyrus-sasl-sql-2.1.23-13.17.amzn1.x86_64
cyrus-sasl-ntlm-2.1.23-13.17.amzn1.x86_64
cyrus-sasl-md5-2.1.23-13.17.amzn1.x86_64
cyrus-sasl-ldap-2.1.23-13.17.amzn1.x86_64
cyrus-sasl-2.1.23-13.17.amzn1.x86_64
Additional References
Red Hat: CVE-2022-24407
Mitre: CVE-2022-24407
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | cyrus-sasl-ldap | < 2.1.23-13.17.amzn1 | cyrus-sasl-ldap-2.1.23-13.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | cyrus-sasl-gssapi | < 2.1.23-13.17.amzn1 | cyrus-sasl-gssapi-2.1.23-13.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | cyrus-sasl-md5 | < 2.1.23-13.17.amzn1 | cyrus-sasl-md5-2.1.23-13.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | cyrus-sasl-debuginfo | < 2.1.23-13.17.amzn1 | cyrus-sasl-debuginfo-2.1.23-13.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | cyrus-sasl-ntlm | < 2.1.23-13.17.amzn1 | cyrus-sasl-ntlm-2.1.23-13.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | cyrus-sasl | < 2.1.23-13.17.amzn1 | cyrus-sasl-2.1.23-13.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | cyrus-sasl-plain | < 2.1.23-13.17.amzn1 | cyrus-sasl-plain-2.1.23-13.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | cyrus-sasl-sql | < 2.1.23-13.17.amzn1 | cyrus-sasl-sql-2.1.23-13.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | cyrus-sasl-devel | < 2.1.23-13.17.amzn1 | cyrus-sasl-devel-2.1.23-13.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | cyrus-sasl-lib | < 2.1.23-13.17.amzn1 | cyrus-sasl-lib-2.1.23-13.17.amzn1.i686.rpm |
Related
nessus
nessus
NewStart CGSL MAIN 6.02 : cyrus-sasl Vulnerability (NS-SA-2022-0088)
2022-11-15 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Cyrus SASL vulnerability (USN-5301-1)
2022-02-22 00:00:00
EulerOS 2.0 SP8 : cyrus-sasl (EulerOS-SA-2022-1560)
2022-04-25 00:00:00
redhat
redhat
(RHSA-2022:0668) Important: cyrus-sasl security update
2022-02-24 09:24:22
(RHSA-2022:0658) Important: cyrus-sasl security update
2022-02-23 13:33:12
(RHSA-2022:0666) Important: cyrus-sasl security update
2022-02-24 09:24:18
openvas
openvas
Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-2492)
2022-10-10 00:00:00
Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-2177)
2022-08-01 00:00:00
Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-2021)
2022-07-14 00:00:00
ubuntucve
ubuntucve
CVE-2022-24407
2022-02-22 00:00:00
osv
osv
CVE-2022-24407
2022-02-24 15:15:29
cyrus-sasl2 vulnerability
2022-02-22 18:29:27
Important: cyrus-sasl security update
2022-02-23 13:33:12
redhatcve
redhatcve
CVE-2022-24407
2022-02-23 09:22:54
debiancve
debiancve
CVE-2022-24407
2022-02-24 15:15:29
cbl_mariner
cbl_mariner
CVE-2022-24407 affecting package cyrus-sasl 2.1.27-4
2022-03-19 16:40:52
CVE-2022-24407 affecting package cyrus-sasl for versions less than 2.1.28-1
2022-04-09 06:51:52
fedora
fedora
[SECURITY] Fedora 36 Update: cyrus-sasl-2.1.27-18.fc36
2022-03-26 15:32:19
[SECURITY] Fedora 34 Update: cyrus-sasl-2.1.27-9.fc34
2022-03-09 19:16:13
[SECURITY] Fedora 35 Update: cyrus-sasl-2.1.27-14.fc35
2022-03-08 21:23:02
mageia
mageia
Updated mysql-connector-c++ packages fix security vulnerability
2023-03-19 01:16:28
Updated cyrus-sasl packages fix security vulnerability
2022-03-23 11:36:28
oraclelinux
oraclelinux
cyrus-sasl security update
2022-02-24 00:00:00
cyrus-sasl security update
2022-02-24 00:00:00
cyrus-sasl security update
2022-03-21 00:00:00
rocky
rocky
cyrus-sasl security update
2022-02-23 13:33:12
gitlab
gitlab
ubuntu
ubuntu
Cyrus SASL vulnerability
2022-02-22 00:00:00
Cyrus SASL vulnerability
2022-02-22 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-03-12 00:42:04
cloudfoundry
cloudfoundry
USN-5301-1: Cyrus SASL vulnerability | Cloud Foundry
2022-04-21 00:00:00
debian
debian
[SECURITY] [DLA 2931-1] cyrus-sasl2 security update
2022-03-06 17:15:21
[SECURITY] [DSA 5087-1] cyrus-sasl2 security update
2022-02-25 22:25:06
ibm
ibm
amazon
amazon
Important: cyrus-sasl
2022-03-07 23:29:00
freebsd
freebsd
cyrus-sasl -- Escape password for SQL insert/update commands
2022-02-04 00:00:00
MySQL -- Multiple vulnerabilities
2023-01-20 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-24407
2022-02-28 15:06:37
prion
prion
Default credentials
2022-02-24 15:15:00
cve
cve
CVE-2022-24407
2022-02-24 15:15:29
almalinux
almalinux
Important: cyrus-sasl security update
2022-02-23 13:33:12
alpinelinux
alpinelinux
CVE-2022-24407
2022-02-24 15:15:29
redos
redos
ROS-20220309-01
2022-03-09 00:00:00
f5
f5
K82896488 : Cyrus SASL vulnerability CVE-2022-24407
2022-05-18 00:00:00
cvelist
cvelist
CVE-2022-24407
2022-02-23 00:00:00
suse
suse
Security update for cyrus-sasl (important)
2022-03-08 00:00:00
nvd
nvd
CVE-2022-24407
2022-02-24 15:15:29
centos
centos
cyrus security update
2022-02-25 15:31:36
slackware
slackware
[slackware-security] cyrus-sasl
2022-02-25 00:10:10
photon
photon
Important Photon OS Security Update - PHSA-2022-0368
2022-03-04 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0368
2022-03-08 00:00:00
Important Photon OS Security Update - PHSA-2022-0477
2022-03-04 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
69.2%
Related for ALAS-2022-1574