exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-113

Mandriva Linux Security Advisory 2009-113
Posted Dec 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-113 - Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0688
SHA-256 | 21fbbd4a48f81f37d84b4f2776bc6bb2121cf2d05871288600049d4f47db34ab

Mandriva Linux Security Advisory 2009-113

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:113-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cyrus-sasl
Date : December 3, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23
might allow remote attackers to execute arbitrary code or cause a
denial of service application crash) via strings that are used as
input to the sasl_encode64 function in lib/saslutil.c (CVE-2009-0688).

The updated packages have been patched to prevent this.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
0b5da906226132af2c2ed8270343f557 2008.0/i586/cyrus-sasl-2.1.22-23.1mdv2008.0.i586.rpm
de005340f6be93e76feb3d5fe94e2d54 2008.0/i586/libsasl2-2.1.22-23.1mdv2008.0.i586.rpm
3d919ce1d732f655ca6be7a89d434acd 2008.0/i586/libsasl2-devel-2.1.22-23.1mdv2008.0.i586.rpm
540c3b13f892438d8795c17cc89d42bf 2008.0/i586/libsasl2-plug-anonymous-2.1.22-23.1mdv2008.0.i586.rpm
d13e5e77f0949d58097eb2f734a10255 2008.0/i586/libsasl2-plug-crammd5-2.1.22-23.1mdv2008.0.i586.rpm
5950850223017fdf5a4b47f0618b55de 2008.0/i586/libsasl2-plug-digestmd5-2.1.22-23.1mdv2008.0.i586.rpm
5f1c9ad40cdf003c28ca1be8381d8029 2008.0/i586/libsasl2-plug-gssapi-2.1.22-23.1mdv2008.0.i586.rpm
08bbfad70b61a514204344a125413e14 2008.0/i586/libsasl2-plug-ldapdb-2.1.22-23.1mdv2008.0.i586.rpm
64386e5dd2a108387dc43379a5513e9c 2008.0/i586/libsasl2-plug-login-2.1.22-23.1mdv2008.0.i586.rpm
6447f2431d59bc5b30345259f276f6b3 2008.0/i586/libsasl2-plug-ntlm-2.1.22-23.1mdv2008.0.i586.rpm
93ae062a1aaab4e973859ef402a5a242 2008.0/i586/libsasl2-plug-otp-2.1.22-23.1mdv2008.0.i586.rpm
91c60f6ec94f4dddc5868588a4b8f68b 2008.0/i586/libsasl2-plug-plain-2.1.22-23.1mdv2008.0.i586.rpm
f5a00cdd4639421ca1ee15cc0be63eac 2008.0/i586/libsasl2-plug-sasldb-2.1.22-23.1mdv2008.0.i586.rpm
3d497c02f84a1c3328fdb391643da44c 2008.0/i586/libsasl2-plug-sql-2.1.22-23.1mdv2008.0.i586.rpm
6c88dcfd5ab050abd18f4d2983c79300 2008.0/SRPMS/cyrus-sasl-2.1.22-23.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
80d99cc844c67a2a06759bc1e7cc88db 2008.0/x86_64/cyrus-sasl-2.1.22-23.1mdv2008.0.x86_64.rpm
41b95422b894401eecc2a8681c9dc196 2008.0/x86_64/lib64sasl2-2.1.22-23.1mdv2008.0.x86_64.rpm
50f33da97b5da9b4bc30ec5bc6d1d659 2008.0/x86_64/lib64sasl2-devel-2.1.22-23.1mdv2008.0.x86_64.rpm
d4fb022df681b367b8679136f72b592e 2008.0/x86_64/lib64sasl2-plug-anonymous-2.1.22-23.1mdv2008.0.x86_64.rpm
5d927f67880f4aa762fb367d77641721 2008.0/x86_64/lib64sasl2-plug-crammd5-2.1.22-23.1mdv2008.0.x86_64.rpm
aed157358368d9ff50959a74fe9c25e4 2008.0/x86_64/lib64sasl2-plug-digestmd5-2.1.22-23.1mdv2008.0.x86_64.rpm
84d23ab14f7382f7c7ea6b5967ef2f40 2008.0/x86_64/lib64sasl2-plug-gssapi-2.1.22-23.1mdv2008.0.x86_64.rpm
9e4e676d2fbd739510acc32c0c43be95 2008.0/x86_64/lib64sasl2-plug-ldapdb-2.1.22-23.1mdv2008.0.x86_64.rpm
4db9412d9b049a07c6cd4a79763d6753 2008.0/x86_64/lib64sasl2-plug-login-2.1.22-23.1mdv2008.0.x86_64.rpm
ea10f518bb59213ef01857ea4dc0aa4d 2008.0/x86_64/lib64sasl2-plug-ntlm-2.1.22-23.1mdv2008.0.x86_64.rpm
63d56373895ddc03a85d4dd3ca1f960a 2008.0/x86_64/lib64sasl2-plug-otp-2.1.22-23.1mdv2008.0.x86_64.rpm
4b655bbd94e9693ea9f57811bd0efad3 2008.0/x86_64/lib64sasl2-plug-plain-2.1.22-23.1mdv2008.0.x86_64.rpm
5050def960a29e2857cd132785a21143 2008.0/x86_64/lib64sasl2-plug-sasldb-2.1.22-23.1mdv2008.0.x86_64.rpm
febdbe8c8c23b096a78ea20dc8ceca75 2008.0/x86_64/lib64sasl2-plug-sql-2.1.22-23.1mdv2008.0.x86_64.rpm
6c88dcfd5ab050abd18f4d2983c79300 2008.0/SRPMS/cyrus-sasl-2.1.22-23.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLF9djmqjQ0CJFipgRApFRAKC/uig37ZdrVvHGHDTHuj98+3tYcwCeMQgy
+UCg830NyZjsOIM1X1eAOhE=
=2Rcl
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close