exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2009-0688

Status Candidate

Overview

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

Related Files

Mandriva Linux Security Advisory 2009-113
Posted Dec 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-113 - Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0688
SHA-256 | 21fbbd4a48f81f37d84b4f2776bc6bb2121cf2d05871288600049d4f47db34ab
Gentoo Linux Security Advisory 200907-9
Posted Jul 13, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-09 - A buffer overflow in Cyrus-SASL might allow for the execution of arbitrary code in applications or daemons that authenticate using SASL. James Ralston reported that in certain situations, Cyrus-SASL does not properly terminate strings which can result in buffer overflows when performing Base64 encoding. Versions less than 2.1.23 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2009-0688
SHA-256 | 143ce1e9a85916bd0eefb3aa9a59c9aa4178d0d8f74c6dc29160ea68153dc8b7
Ubuntu Security Notice 790-1
Posted Jun 25, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-790-1 - James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely. If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2009-0688
SHA-256 | 2c9fc157da531805cdd5da963075f3f8fd23477c2114e55795f715a1ad7bfafb
Debian Linux Security Advisory 1807-1
Posted Jun 2, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1807-1 - James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated which can lead to denial of service or arbitrary code execution.

tags | advisory, denial of service, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2009-0688
SHA-256 | afb4f27e7294bb89587a5da4a5b1dee6b80a732514182675444d918eba3d9825
Mandriva Linux Security Advisory 2009-113
Posted May 19, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-113 - Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. The updated packages have been patched to prevent this.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0688
SHA-256 | 494dcee9739d518edf4a883fc1403ef5183896bc21eef190648871d2788c1df7
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close