Lucene search

[email protected]CVE-2002-1347

HistoryDec 18, 2002 - 5:00 a.m.

CVE-2002-1347

2002-12-1805:00:00

CWE-131

[email protected]

web.nvd.nist.gov

cyrus sasl

buffer overflows

denial of service

arbitrary code execution

nvd

vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.131 Low

EPSS

Percentile

95.6%

JSON

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

Affected configurations

NVD

Node

cyrusimapcyrus_saslRange≤2.1.9

Node

applemac_os_xRange<10.3.8

applemac_os_x_serverRange<10.3.8

CPENameOperatorVersion
cyrusimap:cyrus_saslcyrusimap cyrus saslle2.1.9

CPE	Name	Operator	Version
cyrusimap:cyrus_sasl	cyrusimap cyrus sasl	le	2.1.9

References

archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html

distro.conectiva.com/atualizacoes/?id=a&anuncio=000557

lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

marc.info/?l=bugtraq&m=103946297703402&w=2

www.debian.org/security/2002/dsa-215

www.redhat.com/support/errata/RHSA-2002-283.html

www.securityfocus.com/advisories/4826

www.securityfocus.com/bid/6347

www.securityfocus.com/bid/6348

www.securityfocus.com/bid/6349

exchange.xforce.ibmcloud.com/vulnerabilities/10810

exchange.xforce.ibmcloud.com/vulnerabilities/10811

exchange.xforce.ibmcloud.com/vulnerabilities/10812

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.131 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2002-1347

nvd2 debiancve2 cvelist2 suse1 openvas2 cve1 nessus1