Lucene search
UbuntuUSN-790-1HistoryJun 24, 2009 - 12:00 a.m.
Cyrus SASL vulnerability
2009-06-2400:00:00
ubuntu.com
38
6.2 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.407 Medium
EPSS
Percentile
97.3%
Releases
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
- Ubuntu 6.06
Packages
- cyrus-sasl2 -
Details
James Ralston discovered that the Cyrus SASL base64 encoding function
could be used unsafely. If a remote attacker sent a specially crafted
request to a service that used SASL, it could lead to a loss of privacy,
or crash the application, resulting in a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.04 | noarch | libsasl2-2 | < 2.1.22.dfsg1-23ubuntu3.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | cyrus-sasl2-dbg | < 2.1.22.dfsg1-23ubuntu3.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libsasl2-dev | < 2.1.22.dfsg1-23ubuntu3.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libsasl2-modules | < 2.1.22.dfsg1-23ubuntu3.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libsasl2-modules-gssapi-mit | < 2.1.22.dfsg1-23ubuntu3.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libsasl2-modules-ldap | < 2.1.22.dfsg1-23ubuntu3.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libsasl2-modules-otp | < 2.1.22.dfsg1-23ubuntu3.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libsasl2-modules-sql | < 2.1.22.dfsg1-23ubuntu3.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | sasl2-bin | < 2.1.22.dfsg1-23ubuntu3.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libsasl2-2 | < 2.1.22.dfsg1-21ubuntu2.1 | UNKNOWN |
References
Related
openvas
openvas
SLES11: Security update for cyrus-sasl
2009-10-11 00:00:00
Solaris Update for libsasl.so.1 141930-01
2009-10-13 00:00:00
Cyrus SASL Remote Buffer Overflow Vulnerability
2009-05-28 00:00:00
nessus
nessus
Solaris 5.10 (x86) : 119346-07
2007-06-08 00:00:00
Solaris 10 (x86) : 141931-01
2018-03-12 00:00:00
GLSA-200907-09 : Cyrus-SASL: Execution of arbitrary code
2009-07-13 00:00:00
prion
prion
Buffer overflow
2009-05-15 15:30:00
oraclelinux
oraclelinux
cyrus-imapd security update
2009-06-18 00:00:00
gentoo
gentoo
Cyrus-SASL: Execution of arbitrary code
2009-07-12 00:00:00
debian
debian
freebsd
freebsd
cyrus-sasl -- buffer overflow vulnerability
2009-04-08 00:00:00
centos
centos
cyrus security update
2009-06-19 09:47:45
slackware
slackware
cyrus-sasl
2009-05-14 17:07:08
redhat
redhat
(RHSA-2009:1116) Important: cyrus-imapd security update
2009-06-18 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:34:33
ubuntucve
ubuntucve
CVE-2009-0688
2009-05-15 00:00:00
cert
cert
Cyrus SASL library buffer overflow vulnerability
2009-05-14 00:00:00
f5
f5
SOL15652 - SASL vulnerability CVE-2009-0688
2014-10-02 00:00:00
K15652 : SASL vulnerability CVE-2009-0688
2014-10-02 00:00:00
debiancve
debiancve
CVE-2009-0688
2009-05-15 15:30:00
cve
cve
CVE-2009-0688
2009-05-15 15:30:00
securityvulns
securityvulns
Oracle / Sun applications multiple security ulnerabilities
2010-04-17 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - April 2010
2010-04-13 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44
6.2 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.407 Medium
EPSS
Percentile
97.3%
Related for USN-790-1