Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200410-05
HistoryOct 07, 2004 - 12:00 a.m.

Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities

2004-10-0700:00:00
Gentoo Foundation
security.gentoo.org
27

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.4%

JSON

Background

Cyrus-SASL is an implementation of the Simple Authentication and Security Layer.

Description

Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file. Additionally, under certain conditions it is possible for a local user to exploit a vulnerability in the way the SASL_PATH environment variable is honored (CAN-2004-0884).

Impact

An attacker might be able to execute arbitrary code with the Effective ID of the application calling the Cyrus-SASL libraries.

Workaround

There is no known workaround at this time.

Resolution

All Cyrus-SASL users should upgrade to the latest stable version:

 # emerge sync
 
 # emerge -pv ">=dev-libs/cyrus-sasl-2.1.18-r2"
 # emerge ">=dev-libs/cyrus-sasl-2.1.18-r2"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/cyrus-sasl<= 2.1.18-r1UNKNOWN

Related

openvas 18
nessus 11
securityvulns 1
osv 2
ubuntucve 2
debiancve 2
suse 2
cve 2
debian 8
freebsd 1
redhat 1
openvas
openvas
FreeBSD Ports: cyrus-sasl
2008-09-04 00:00:00
FreeBSD Ports: cyrus-sasl
2008-09-04 00:00:00
Debian Security Advisory DSA 563-3 (cyrus-sasl)
2008-01-17 00:00:00
nessus
nessus
GLSA-200410-05 : Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
2004-10-07 00:00:00
Debian DSA-563-3 : cyrus-sasl - unsanitised input
2004-11-10 00:00:00
Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2004:106)
2004-10-08 00:00:00
securityvulns
securityvulns
[ GLSA 200410-05 ] Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
2004-10-08 00:00:00
osv
osv
cyrus-sasl-mit - unsanitised input
2004-10-16 00:00:00
cyrus-sasl - unsanitised input
2004-10-14 00:00:00
ubuntucve
ubuntucve
CVE-2005-0373
2004-10-07 00:00:00
CVE-2004-0884
2005-01-27 00:00:00
debiancve
debiancve
CVE-2005-0373
2004-10-07 04:00:00
CVE-2004-0884
2005-01-27 05:00:00
suse
suse
remote code execution in cyrus-sasl,cyrus-sasl2
2005-03-03 12:17:08
remote denial of service in kernel
2004-10-21 07:52:50
cve
cve
CVE-2005-0373
2004-10-07 04:00:00
CVE-2004-0884
2005-01-27 05:00:00
debian
debian
[SECURITY] [DSA 563-2] New cyrus-sasl packages really fix arbitrary code execution
2004-10-12 16:54:23
[SECURITY] [DSA 563-3] New cyrus-sasl packages fix arbitrary code execution on sparc and arm
2004-10-14 14:47:43
[SECURITY] [DSA 568-1] New cyrus-sasl-mit packages fix arbitrary code execution
2004-10-16 08:27:59
freebsd
freebsd
cyrus-sasl -- dynamic library loading and set-user-ID applications
2004-09-22 00:00:00
redhat
redhat
(RHSA-2004:546) cyrus-sasl security update
2004-10-07 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.4%

JSON
Related for GLSA-200410-05
openvas18nessus11securityvulns1osv2ubuntucve2debiancve2suse2cve2debian8freebsd1redhat1