Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2002-1347
Last Modified: 05 Sep 2008 04:30:20
Published: 18 Dec 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-1347

Summary

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

Vulnerable Systems

Application

  • Cyrus SASL 2.1.9


References

BUGTRAQ - 20021209 Cyrus SASL library buffer overflows

REDHAT - RHSA-2002:283

APPLE - APPLE-SA-2005-03-21

XF - cyrus-sasl-logwriter-bo(10812)

XF - cyrus-sasl-saslauthd-bo(10811)

XF - cyrus-sasl-username-bo(10810)

BID - 6349

BID - 6348

BID - 6347

GENTOO - 200212-10

DEBIAN - DSA-215

CONECTIVA - 000557

SUSE - SuSE-SA:2002:048


Last Updated: 27 May 2016 10:37:17