ID CVE-2001-0869 Type cve Reporter cve@mitre.org Modified 2018-05-03T01:29:00
Description
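Format string vulnerability in the default logging callback function _sasl_syslog in common.c in the Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands. In a format string bug, text that reaches the logging call is interpreted as format directives instead of being logged as plain data. The Mandrake advisory referenced below (MDKSA-2002:018) resolves it with updated cyrus-sasl and libsasl7 packages.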
{"osvdb": [{"lastseen": "2017-04-28T13:20:00", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nRedHat RHSA: RHSA-2001-151\nISS X-Force ID: 7443\n[CVE-2001-0869](https://vulners.com/cve/CVE-2001-0869)\n", "modified": "2004-04-08T23:11:45", "published": "2004-04-08T23:11:45", "id": "OSVDB:5533", "href": "https://vulners.com/osvdb/OSVDB:5533", "title": "Cyrus SASL Library Default Loggin Format String", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:51:21", "bulletinFamily": "unix", "description": "The Cyrus SASL library provides an authentication API for mail clients and servers. A format bug was found in one of the logging functions, that could be used by an attacker to gain access to a machine or to acquire higher privileges.", "modified": "2001-11-23T13:28:30", "published": "2001-11-23T13:28:30", "id": "SUSE-SA:2001:042", "href": "http://lists.opensuse.org/opensuse-security-announce/2001-11/msg00010.html", "type": "suse", "title": "possible local/remote privilege escalation in cyrus-sasl", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-01T02:54:54", "bulletinFamily": "scanner", "description": "Kari Hurtta discovered that a format bug exists in the Cyrus SASL\nlibrary, which is used to provide an authentication API for mail\nclients and servers, as well as other services such as LDAP. The\nformat bug was found in one of the logging functions which could be\nused by an attacker to obtain access to a machine or to possibly\nacquire elevated privileges. 
Thanks to the SuSE security team for\nproviding the fix.", "modified": "2019-11-02T00:00:00", "id": "MANDRAKE_MDKSA-2002-018.NASL", "href": "https://www.tenable.com/plugins/nessus/13926", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2002:018)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2002:018. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(13926);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:46\");\n\n script_cve_id(\"CVE-2001-0869\");\n script_bugtraq_id(3498);\n script_xref(name:\"MDKSA\", value:\"2002:018\");\n\n script_name(english:\"Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2002:018)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kari Hurtta discovered that a format bug exists in the Cyrus SASL\nlibrary, which is used to provide an authentication API for mail\nclients and servers, as well as other services such as LDAP. The\nformat bug was found in one of the logging functions which could be\nused by an attacker to obtain access to a machine or to possibly\nacquire elevated privileges. 
Thanks to the SuSE security team for\nproviding the fix.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cyrus-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsasl7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsasl7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsasl7-plug-anonymous\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsasl7-plug-crammd5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsasl7-plug-digestmd5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsasl7-plug-login\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsasl7-plug-plain\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", 
\"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"cyrus-sasl-1.5.27-2.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libsasl7-1.5.27-2.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libsasl7-devel-1.5.27-2.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libsasl7-plug-anonymous-1.5.27-2.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libsasl7-plug-crammd5-1.5.27-2.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libsasl7-plug-digestmd5-1.5.27-2.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libsasl7-plug-login-1.5.27-2.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libsasl7-plug-plain-1.5.27-2.2mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"cyrus-sasl-1.5.27-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libsasl7-1.5.27-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libsasl7-devel-1.5.27-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", 
reference:\"libsasl7-plug-anonymous-1.5.27-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libsasl7-plug-crammd5-1.5.27-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libsasl7-plug-digestmd5-1.5.27-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libsasl7-plug-login-1.5.27-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libsasl7-plug-plain-1.5.27-2.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}