Summary
This host has the Cyrus SASL library installed and is prone to a remote buffer overflow vulnerability.
Impact
Successful exploitation allows attackers to run arbitrary code in the context of, or crash, any application that links the library (IMAP, SMTP and LDAP servers are common users), denying service to legitimate users.
Impact Level: Application
Solution
Upgrade to version 2.1.23 or later.
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz
Insight
The 'sasl_encode64' function in lib/saslutil.c does not perform adequate bounds checking on user-supplied data before copying it into a fixed-size output buffer, so base64 encoding of attacker-controlled input can write past the end of the buffer. Any network service that base64-encodes client-supplied data through this function (for example during a SASL authentication exchange) exposes the flaw remotely.
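The bug class described above, as an added illustration that is not code from the Cyrus SASL project: a base64 encoder that trusts the caller's buffer, beside a hardened form that sizes its output up front (terminator included) and refuses before writing anything when the buffer is too small. The parameter list mirrors the public sasl_encode64() signature; the function names, the ENC_* result codes, the scratch buffer and the sample input are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for the library's SASL_OK / SASL_BUFOVER result codes (names are ours). */
enum { ENC_OK = 0, ENC_BUFOVER = -1 };

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Output bytes the base64 encoding of inlen input bytes occupies, NUL terminator included. */
unsigned encode64_required(unsigned inlen)
{
    return ((inlen + 2) / 3) * 4 + 1;
}

/* The unsafe pattern: encode straight into `out`, trusting that the caller sized it.
 * With attacker-controlled inlen this writes encode64_required(inlen) bytes wherever
 * `out` points, which is the overflow class the advisory describes. */
static unsigned encode64_unchecked(const unsigned char *in, unsigned inlen, char *out)
{
    unsigned i, o = 0;
    for (i = 0; i + 3 <= inlen; i += 3) {
        unsigned v = ((unsigned)in[i] << 16) | ((unsigned)in[i + 1] << 8) | in[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = B64[(v >> 6) & 63];
        out[o++] = B64[v & 63];
    }
    if (inlen - i == 1) {                 /* one trailing byte: two chars + "==" */
        unsigned v = (unsigned)in[i] << 16;
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = '=';
        out[o++] = '=';
    } else if (inlen - i == 2) {          /* two trailing bytes: three chars + "=" */
        unsigned v = ((unsigned)in[i] << 16) | ((unsigned)in[i + 1] << 8);
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = B64[(v >> 6) & 63];
        out[o++] = '=';
    }
    out[o] = '\0';                        /* the terminator needs room as well */
    return o;
}

/* Hardened form: compute the required size (terminator included) and refuse before
 * touching the buffer when it does not fit. Mirrors the sasl_encode64() parameter
 * list; the body is this example's, not the library's. */
int encode64_checked(const unsigned char *in, unsigned inlen,
                     char *out, unsigned outmax, unsigned *outlen)
{
    if (out == NULL || outmax < encode64_required(inlen))
        return ENC_BUFOVER;
    unsigned n = encode64_unchecked(in, inlen, out); /* safe: room was verified */
    if (outlen)
        *outlen = n;
    return ENC_OK;
}

/* Wrappers over a large scratch buffer: outmax is what the caller *claims* to have,
 * so a wrong claim is rejected by the check instead of corrupting memory here. */
static char scratch[256];

int encode_string_status(const char *s, unsigned outmax)
{
    return encode64_checked((const unsigned char *)s, (unsigned)strlen(s),
                            scratch, outmax, NULL);
}

const char *encode_string(const char *s)
{
    return encode_string_status(s, sizeof scratch) == ENC_OK ? scratch : NULL;
}

int main(void)
{
    /* Constructed input: a 60-byte attacker-controlled token and the 64-byte
     * buffer a careless caller might allocate for "short" tokens. */
    char token[61];
    memset(token, 'A', 60);
    token[60] = '\0';
    printf("\"Man\" -> %s\n", encode_string("Man"));
    printf("60 input bytes need %u output bytes; status with a 64-byte buffer = %d\n",
           encode64_required(60), encode_string_status(token, 64));
    return 0;
}
```

The point of the hardened version is that the size check happens before any byte is written and counts the terminator, so a caller that hands in an undersized buffer gets a clean error rather than a silent overrun or an unterminated string that later string functions over-read.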
Affected
Cyrus SASL versions prior to 2.1.23
References
Severity
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Classification
CVE: CVE-2009-0688
Related Vulnerabilities
- Citrix Provisioning Services SoapServer Buffer Overflow Vulnerability
- 3CTftpSvc TFTP Server Long Mode Buffer Overflow Vulnerability
- DesignWorks Professional '.cct' File BOF Vulnerability
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities
- Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability