CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.3%
The Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash.
SASL (Simple Authentication and Security Layer) is a method for adding authentication support to various protocols. SASL is commonly used by mail servers to request authentication from clients and by clients to authenticate to servers.
The sasl_encode64()
function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the sasl_encode64()
function.
A remote attacker might be able to execute code, or cause any programs relying on SASL to crash or be unavailable.
Upgrade
Cyrus SASL 2.1.23 has been released to address this issue. Before releasing fixed binaries, maintainers are encouraged to review the Cyrus vendor statement associated with this note.
238019
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 26, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: May 13, 2009
Statement Date: May 12, 2009
Affected
We have not received a statement from the vendor.
While this patch will fix currently vulnerable code, it can cause non-vulnerable existing code to break. Here’s a function prototype from include/saslutil.h to clarify my explanation:
/* base64 encode
Assume a scenario where calling code has been written in such a way that it calculates the exact size required for base64 encoding in advance, then allocates a buffer of that exact size, passing a pointer to the
buffer into sasl_encode64() as *out. As long as this code does not anticipate that the buffer is NUL-terminated (does not call any string-handling functions like strlen(), for example) the code will work and it will not be vulnerable.
Once this patch is applied, that same code will break because sasl_encode64() will begin to return SASL_BUFOVER.
Notified: April 28, 2009 Updated: May 20, 2009
Statement Date: May 20, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 28, 2009 Updated: May 14, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 28, 2009 Updated: May 14, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 28, 2009 Updated: May 15, 2009
Statement Date: May 15, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 13, 2009 Updated: June 15, 2009
Statement Date: June 09, 2009
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 18, 2009 Updated: May 18, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 28, 2009 Updated: April 28, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 25 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to James Ralston for reporting this issue and providing technical information.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2009-0688 |
---|---|
Severity Metric: | 4.04 Date Public: |