Sasl@1.5.27 Security Vulnerabilities and Issues — Sasl@1.5.27 CVE List

Lucene search

CyrusSasl1.5.27

3 matches found

CVE•added 2005/01/27 5:0 a.m.•71 views

CVE-2004-0884

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

7.2CVSS9.1AI score0.0006EPSS

CVE•added 2005/02/13 5:0 a.m.•63 views

CVE-2005-0373

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

7.5CVSS7.4AI score0.04758EPSS

CVE•added 2005/07/14 4:0 a.m.•39 views

CVE-2002-2043

SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.

7.5CVSS8.5AI score0.02144EPSS