13 matches found
K14901: SASL vulnerability CVE-2013-4122
Security Advisory Description Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an...
Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2019-1173)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 15.04 : cyrus-sasl2 vulnerability (USN-2755-1)
It was discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could use this issue to cause Cyrus SASL to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...
Gentoo Security Advisory GLSA 201309-01
Gentoo Linux Local Security Checks GLSA 201309-01 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Debian DSA-3368-1 : cyrus-sasl2 - security update
It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...
[SECURITY] [DSA 3368-1] cyrus-sasl2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3368-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2015 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3368-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : cyrus-sasl (ALAS-2014-338)
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an invalid salt or, when FIPS-140...
Medium: cyrus-sasl
Issue Overview: Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an invalid salt o...
F5 ARX Series Cyrus SASL空指针引用漏洞
CVE ID:CVE-2013-4122 F5 ARX Series是F5公司开发的智能文件存储管理解决方案。 F5 ARX Series相关的ARX管理配置工具所使用的Cyrus SASL存在安全漏洞,允许远程攻击者利用漏洞提交特殊请求执行拒绝服务攻击。使用LDAP或者Kerberos进行用户验证的系统受此漏洞影响。 0 F5 ARX Series 6.x 目前没有详细解决方案提供: http://support.f5.com/kb/en-us/products/arx.html...
SOL14901 - SASL vulnerability CVE-2013-4122
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
CVE-2013-4122
CVE-2013-4122 affects Cyrus SASL 2.1.23, 2.1.26 and earlier. The root cause is incorrect handling of when a NULL value is returned on error by the crypt function in glibc 2.17+, enabling remote DoS via (1) invalid salt or (2) DES or (3) MD5 passwords when FIPS-140 is enabled, triggering a NULL po...
[USN-1988-1] Cyrus SASL vulnerability
========================================================================== Ubuntu Security Notice USN-1988-1 October 09, 2013 cyrus-sasl2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...