9 matches found
GNU SASL Code Issue Vulnerability
GNU SASL is a simple authentication and security layer framework from the GNU community in the United States, which implements several common SASL mechanisms. Versions of GNU SASL prior to 2.2.3 had code vulnerabilities; these vulnerabilities stemmed from a null pointer dereferencing in the...
TencentOS Server 3: cyrus-sasl (TSSA-2022:0013)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0013 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0013: cyrus-sasl (ALINUX3-SA-2022:0013)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0013 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-19906: cyrus-sasl aka Cyrus SASL...
A week in security (September 17 – 23)
Last week, we took a look at a low level spam campaign on Twitter, explored the signs of falling victim to phishing, and examined a massive WordPress compromise. We also explained some SASL vulnerabilities and covered a breaking Emotet spam campaign. Other cybersecurity news: NewEgg attacked by...
Multiple Cyrus-SASL bugs
Buffer overflow in digestmda5.c and during environment parsing. User supplied modules are loaded into suid application...
[ GLSA 200410-05 ] Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
Gentoo Linux Security Advisory GLSA 200410-05. http://security.gentoo.org/ Severity:...
GLSA-200410-05 : Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200410-05 (Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities). Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file. Additionally, under certain conditions it is possible for a local user to exploit a...
Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
Background: Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description: Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file. Additionally, under certain conditions it is possible for a local user to exploit a vulnerability in the way the SASL_PATH...
CVE-2002-1347
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an...