Lucene search

CertccCVE-2009-0688

HistoryMay 15, 2009 - 3:30 p.m.

CVE-2009-0688

2009-05-1515:30:00

CWE-119

certcc

web.nvd.nist.gov

cmu

cyrus

sasl

buffer overflows

remote code execution

denial of service

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.6

Confidence

High

EPSS

0.407

Percentile

97.3%

JSON

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

Affected configurations

Nvd

Node

carnegie_mellon_universitycyrus-saslRange≤2.1.22

carnegie_mellon_universitycyrus-saslMatch1.4.1

carnegie_mellon_universitycyrus-saslMatch1.5.0

carnegie_mellon_universitycyrus-saslMatch1.5.2

carnegie_mellon_universitycyrus-saslMatch1.5.3

carnegie_mellon_universitycyrus-saslMatch1.5.5

carnegie_mellon_universitycyrus-saslMatch1.5.10

carnegie_mellon_universitycyrus-saslMatch1.5.11

carnegie_mellon_universitycyrus-saslMatch1.5.13

carnegie_mellon_universitycyrus-saslMatch1.5.15

carnegie_mellon_universitycyrus-saslMatch1.5.16

carnegie_mellon_universitycyrus-saslMatch1.5.20

carnegie_mellon_universitycyrus-saslMatch1.5.21

carnegie_mellon_universitycyrus-saslMatch1.5.22

carnegie_mellon_universitycyrus-saslMatch1.5.23

carnegie_mellon_universitycyrus-saslMatch1.5.24

carnegie_mellon_universitycyrus-saslMatch1.5.26

carnegie_mellon_universitycyrus-saslMatch1.5.27

carnegie_mellon_universitycyrus-saslMatch1.5.28

carnegie_mellon_universitycyrus-saslMatch2.0.0

carnegie_mellon_universitycyrus-saslMatch2.0.1

carnegie_mellon_universitycyrus-saslMatch2.0.2

carnegie_mellon_universitycyrus-saslMatch2.0.3

carnegie_mellon_universitycyrus-saslMatch2.0.4

carnegie_mellon_universitycyrus-saslMatch2.0.5

carnegie_mellon_universitycyrus-saslMatch2.1.0

carnegie_mellon_universitycyrus-saslMatch2.1.1

carnegie_mellon_universitycyrus-saslMatch2.1.2

carnegie_mellon_universitycyrus-saslMatch2.1.3

carnegie_mellon_universitycyrus-saslMatch2.1.5

carnegie_mellon_universitycyrus-saslMatch2.1.6

carnegie_mellon_universitycyrus-saslMatch2.1.7

carnegie_mellon_universitycyrus-saslMatch2.1.8

carnegie_mellon_universitycyrus-saslMatch2.1.9

carnegie_mellon_universitycyrus-saslMatch2.1.10

carnegie_mellon_universitycyrus-saslMatch2.1.11

carnegie_mellon_universitycyrus-saslMatch2.1.12

carnegie_mellon_universitycyrus-saslMatch2.1.13

carnegie_mellon_universitycyrus-saslMatch2.1.14

carnegie_mellon_universitycyrus-saslMatch2.1.15

carnegie_mellon_universitycyrus-saslMatch2.1.16

carnegie_mellon_universitycyrus-saslMatch2.1.17

carnegie_mellon_universitycyrus-saslMatch2.1.18

carnegie_mellon_universitycyrus-saslMatch2.1.19

carnegie_mellon_universitycyrus-saslMatch2.1.20

carnegie_mellon_universitycyrus-saslMatch2.1.21

VendorProductVersionCPE
carnegie_mellon_universitycyrus-sasl*cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:*:*:*:*:*:*:*:*
carnegie_mellon_universitycyrus-sasl1.4.1cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.4.1:*:*:*:*:*:*:*
carnegie_mellon_universitycyrus-sasl1.5.0cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.0:*:*:*:*:*:*:*
carnegie_mellon_universitycyrus-sasl1.5.2cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.2:*:*:*:*:*:*:*
carnegie_mellon_universitycyrus-sasl1.5.3cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.3:*:*:*:*:*:*:*
carnegie_mellon_universitycyrus-sasl1.5.5cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.5:*:*:*:*:*:*:*
carnegie_mellon_universitycyrus-sasl1.5.10cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.10:*:*:*:*:*:*:*
carnegie_mellon_universitycyrus-sasl1.5.11cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.11:*:*:*:*:*:*:*
carnegie_mellon_universitycyrus-sasl1.5.13cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.13:*:*:*:*:*:*:*
carnegie_mellon_universitycyrus-sasl1.5.15cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
carnegie_mellon_university	cyrus-sasl	*	cpe:2.3:a:carnegie_mellon_university:cyrus-sasl::::::::
carnegie_mellon_university	cyrus-sasl	1.4.1	cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.4.1:::::::*
carnegie_mellon_university	cyrus-sasl	1.5.0	cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.0:::::::*
carnegie_mellon_university	cyrus-sasl	1.5.2	cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.2:::::::*
carnegie_mellon_university	cyrus-sasl	1.5.3	cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.3:::::::*
carnegie_mellon_university	cyrus-sasl	1.5.5	cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.5:::::::*
carnegie_mellon_university	cyrus-sasl	1.5.10	cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.10:::::::*
carnegie_mellon_university	cyrus-sasl	1.5.11	cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.11:::::::*
carnegie_mellon_university	cyrus-sasl	1.5.13	cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.13:::::::*
carnegie_mellon_university	cyrus-sasl	1.5.15	cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.15:::::::*

Rows per page:

1-10 of 461

References

ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

osvdb.org/54514

osvdb.org/54515

secunia.com/advisories/35094

secunia.com/advisories/35097

secunia.com/advisories/35102

secunia.com/advisories/35206

secunia.com/advisories/35239

secunia.com/advisories/35321

secunia.com/advisories/35416

secunia.com/advisories/35497

secunia.com/advisories/35746

secunia.com/advisories/39428

security.gentoo.org/glsa/glsa-200907-09.xml

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834

sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1

sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1

sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1

support.apple.com/kb/HT4077

support.avaya.com/elmodocs2/security/ASA-2009-184.htm

wiki.rpath.com/wiki/Advisories:rPSA-2009-0091

www.debian.org/security/2009/dsa-1807

www.kb.cert.org/vuls/id/238019

www.mandriva.com/security/advisories?name=MDVSA-2009:113

www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html

www.redhat.com/support/errata/RHSA-2009-1116.html

www.securityfocus.com/bid/34961

www.securitytracker.com/id?1022231

www.ubuntu.com/usn/usn-790-1

www.us-cert.gov/cas/techalerts/TA10-103B.html

www.vupen.com/english/advisories/2009/1313

www.vupen.com/english/advisories/2009/2012

exchange.xforce.ibmcloud.com/vulnerabilities/50554

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.6

Confidence

High

EPSS

0.407

Percentile

97.3%

JSON

Related for CVE-2009-0688