20 matches found
EUVD-2000-0943
Malware in sbrugna...
EUVD-2002-2022
Malware in sbrugna...
K15652: SASL vulnerability CVE-2009-0688
Security Advisory Description: Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c...
USN-5301-1: Cyrus SASL vulnerability
It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands...
A vulnerability in the Gentoo Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
A vulnerability in the cyrus-sasl package up to and including version 2.1.18-r1 in the Gentoo Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. This vulnerability can be exploited remotely...
SOL15652 - SASL vulnerability CVE-2009-0688
Recommended Action: None. Supplemental Information: SOL9970: Subscribing to email notifications regarding F5 products; SOL9957: Creating a custom RSS feed to view new and updated documents; SOL4602: Overview of the F5 security vulnerability response policy; SOL4918: Overview of the F5 critical issue...
SOL14901 - SASL vulnerability CVE-2013-4122
Recommended Action: None. Supplemental Information: SOL9970: Subscribing to email notifications regarding F5 products; SOL9957: Creating a custom RSS feed to view new and updated documents; SOL4602: Overview of the F5 security vulnerability response policy; SOL4918: Overview of the F5 critical issue...
CVE-2013-4122
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140...
SUSE-SA:2005:013: cyrus-sasl,cyrus-sasl2
The remote host is missing the patch for the advisory SUSE-SA:2005:013 (cyrus-sasl, cyrus-sasl2). cyrus-sasl is a library providing authentication services. A buffer overflow in the digestmd5 code was identified that could lead to a remote attacker executing code in the context of the service using...
CVE-2004-0884
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASLPATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASLPATH to point to malicious programs...
CVE-2004-0884
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASLPATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASLPATH to point to malicious programs...
Debian DSA-563-3 : cyrus-sasl - unsanitised input
This advisory is an addition to DSA 563-1 and 563-2 which weren't able to supersede the library on sparc and arm due to a different version number for them in the stable archive. Other architectures were updated properly. Another problem was reported in connection with sendmail, though, which...
Debian DSA-568-1 : cyrus-sasl-mit - unsanitised input
A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASLPATH blindly, which allows a local user to...
CVE-2004-0884
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASLPATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASLPATH to point to malicious programs...
[SECURITY] [DSA 568-1] New cyrus-sasl-mit packages fix arbitrary code execution
Debian Security Advisory DSA 568-1, http://www.debian.org/security/, Martin Schulze, October 16th, 2004, http://www.debian.org/security/faq...
[SECURITY] [DSA 563-3] New cyrus-sasl packages fix arbitrary code execution on sparc and arm
Debian Security Advisory DSA 563-3, http://www.debian.org/security/, Martin Schulze, October 14th, 2004, http://www.debian.org/security/faq...
[SECURITY] [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution
Debian Security Advisory DSA 563-1, http://www.debian.org/security/, Martin Schulze, October 12th, 2004, http://www.debian.org/security/faq...
DSA-563-3 cyrus-sasl - unsanitised input
Bulletin has no description...
RHEL 2.1 / 3 : cyrus-sasl (RHSA-2004:546)
Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available. Updated 7th October 2004: Revised cyrus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previous packages broke interaction with ldap. The cyrus-sasl package contain...
Hole in cyrus-sasl
Authenticated users can access any resources...