ID CVE-2002-1347
Summary Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
References
Vulnerable Configurations
  • cpe:2.3:a:cyrus:sasl:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2002:283
refmap via4
apple APPLE-SA-2005-03-21
bid
  • 6347
  • 6348
  • 6349
bugtraq 20021209 Cyrus SASL library buffer overflows
conectiva 000557
debian DSA-215
gentoo 200212-10
suse SuSE-SA:2002:048
xf
  • cyrus-sasl-logwriter-bo(10812)
  • cyrus-sasl-saslauthd-bo(10811)
  • cyrus-sasl-username-bo(10810)
Last major update 11-07-2017 - 01:29
Published 18-12-2002 - 05:00
Last modified 11-07-2017 - 01:29