Mandriva Linux Security Advisory 2009-113 - Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.
21fbbd4a48f81f37d84b4f2776bc6bb2121cf2d05871288600049d4f47db34ab
Gentoo Linux Security Advisory GLSA 200907-09 - A buffer overflow in Cyrus-SASL might allow for the execution of arbitrary code in applications or daemons that authenticate using SASL. James Ralston reported that in certain situations Cyrus-SASL does not properly NUL-terminate strings when performing Base64 encoding, which can result in buffer overflows. Versions less than 2.1.23 are affected.
143ce1e9a85916bd0eefb3aa9a59c9aa4178d0d8f74c6dc29160ea68153dc8b7
Ubuntu Security Notice USN-790-1 - James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely. If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service.
2c9fc157da531805cdd5da963075f3f8fd23477c2114e55795f715a1ad7bfafb
Debian Security Advisory 1807-1 - James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated which can lead to denial of service or arbitrary code execution.
afb4f27e7294bb89587a5da4a5b1dee6b80a732514182675444d918eba3d9825
Mandriva Linux Security Advisory 2009-113 - Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. The updated packages have been patched to prevent this.
494dcee9739d518edf4a883fc1403ef5183896bc21eef190648871d2788c1df7
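The advisories above all describe the same defect: sasl_encode64() leaves the encoded string without a NUL terminator "in certain situations", and callers inside cyrus-sasl2 that expect a C string then read or copy past the end of the buffer. The example below is added here to make that concrete; it is not Cyrus SASL's own code and is not taken from the 2.1.23 patch. It models the reported behaviour with the public sasl_encode64() signature: a pre-fix variant that accepts an output buffer of exactly the encoded length and only writes the terminator if there is spare room, and a hardened variant that refuses such a buffer and always terminates. The names encode64_core, encode64_pre_2_1_23, encode64_fixed and demo_* are this example's own, the return-code values mirror sasl.h, and the sentinel-byte technique in the demo functions is used so that the missing terminator can be observed without actually running strlen() off the end of the buffer.

```c
/* Added example, not Cyrus SASL library code. Models the sasl_encode64()
 * termination bug described in the advisories (CVE-2009-0688 era, < 2.1.23)
 * next to a hardened version. Names below are this example's own. */
#include <stdio.h>
#include <string.h>

#define SASL_OK       0     /* values as in sasl.h */
#define SASL_BUFOVER -3

static const char basis_64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Shared encoding core: writes exactly olen = 4 * ceil(inlen / 3) bytes to
 * out and never writes a terminator. Both wrappers below call it. */
static void encode64_core(const unsigned char *in, unsigned inlen, char *out)
{
    while (inlen >= 3) {
        *out++ = basis_64[in[0] >> 2];
        *out++ = basis_64[((in[0] << 4) & 0x30) | (in[1] >> 4)];
        *out++ = basis_64[((in[1] << 2) & 0x3c) | (in[2] >> 6)];
        *out++ = basis_64[in[2] & 0x3f];
        in += 3;
        inlen -= 3;
    }
    if (inlen > 0) {
        unsigned char oval = (in[0] << 4) & 0x30;
        *out++ = basis_64[in[0] >> 2];
        if (inlen > 1) oval |= in[1] >> 4;
        *out++ = basis_64[oval];
        *out++ = (inlen < 2) ? '=' : basis_64[(in[1] << 2) & 0x3c];
        *out++ = '=';
    }
}

/* Pre-2.1.23 behaviour as the advisories describe it: an output buffer of
 * exactly olen bytes passes the size check, but the terminator is only
 * written when there is a spare byte, so an exact fit yields no NUL. */
int encode64_pre_2_1_23(const char *in, unsigned inlen, char *out,
                        unsigned outmax, unsigned *outlen)
{
    unsigned olen = (inlen + 2) / 3 * 4;
    if (outlen) *outlen = olen;
    if (outmax < olen) return SASL_BUFOVER;    /* outmax == olen is accepted */
    encode64_core((const unsigned char *)in, inlen, out);
    if (olen < outmax) out[olen] = '\0';       /* skipped when outmax == olen */
    return SASL_OK;
}

/* Hardened version: a buffer with no room for the terminator is refused,
 * and the terminator is written unconditionally on success. */
int encode64_fixed(const char *in, unsigned inlen, char *out,
                   unsigned outmax, unsigned *outlen)
{
    unsigned olen = (inlen + 2) / 3 * 4;
    if (outlen) *outlen = olen;
    if (outmax <= olen) return SASL_BUFOVER;   /* need olen + 1 bytes */
    encode64_core((const unsigned char *)in, inlen, out);
    out[olen] = '\0';
    return SASL_OK;
}

/* A caller that sizes the buffer to the encoded length only, then treats the
 * result as a C string (the pattern the Debian advisory attributes to
 * cyrus-sasl2's own callers). Returns 1 if the byte after the encoded data
 * is still the sentinel, meaning no NUL was written and strlen() or strcpy()
 * on buf would run past the end; -1 if the encoder refused or msg is too long. */
int demo_exact_fit_unterminated(const char *msg)
{
    unsigned inlen = (unsigned)strlen(msg);
    unsigned olen = (inlen + 2) / 3 * 4;
    char buf[64];
    if (olen + 1 > sizeof buf) return -1;
    memset(buf, 'X', sizeof buf);              /* sentinel after the data */
    if (encode64_pre_2_1_23(msg, inlen, buf, olen, NULL) != SASL_OK)
        return -1;
    return buf[olen] == 'X';
}

/* Same exact-fit call against the hardened encoder; returns its result code. */
int demo_fixed_exact_fit(const char *msg)
{
    unsigned inlen = (unsigned)strlen(msg);
    unsigned olen = (inlen + 2) / 3 * 4;
    char buf[64];
    if (olen + 1 > sizeof buf) return -1;
    return encode64_fixed(msg, inlen, buf, olen, NULL);
}

int main(void)
{
    char out[64];
    printf("pre-2.1.23, exact-size buffer, terminator missing: %d\n",
           demo_exact_fit_unterminated("Hello"));
    printf("fixed, exact-size buffer returns %d (SASL_BUFOVER is %d)\n",
           demo_fixed_exact_fit("Hello"), SASL_BUFOVER);
    if (encode64_fixed("Hello", 5, out, sizeof out, NULL) == SASL_OK)
        printf("fixed, buffer with spare byte: \"%s\"\n", out);
    return 0;
}
```

The practical check when auditing a caller of sasl_encode64() is therefore the buffer arithmetic: any allocation of 4 * ceil(n / 3) bytes rather than 4 * ceil(n / 3) + 1, followed by string handling of the result, is exactly the situation the advisories describe, and on a library older than 2.1.23 it will silently succeed without a terminator.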