fkie_cve-2009-0688
Vulnerability from fkie_nvd
Published: 2009-05-15 15:30
Modified: 2025-04-09 00:30
Summary
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.
References
cret@cert.org ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz Patch
cret@cert.org http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
cret@cert.org http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
cret@cert.org http://osvdb.org/54514
cret@cert.org http://osvdb.org/54515
cret@cert.org http://secunia.com/advisories/35094
cret@cert.org http://secunia.com/advisories/35097
cret@cert.org http://secunia.com/advisories/35102
cret@cert.org http://secunia.com/advisories/35206
cret@cert.org http://secunia.com/advisories/35239
cret@cert.org http://secunia.com/advisories/35321
cret@cert.org http://secunia.com/advisories/35416
cret@cert.org http://secunia.com/advisories/35497
cret@cert.org http://secunia.com/advisories/35746
cret@cert.org http://secunia.com/advisories/39428
cret@cert.org http://security.gentoo.org/glsa/glsa-200907-09.xml
cret@cert.org http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834
cret@cert.org http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1
cret@cert.org http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1
cret@cert.org http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1
cret@cert.org http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1
cret@cert.org http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1
cret@cert.org http://support.apple.com/kb/HT4077
cret@cert.org http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm
cret@cert.org http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091
cret@cert.org http://www.debian.org/security/2009/dsa-1807
cret@cert.org http://www.kb.cert.org/vuls/id/238019 Patch, US Government Resource
cret@cert.org http://www.mandriva.com/security/advisories?name=MDVSA-2009:113
cret@cert.org http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
cret@cert.org http://www.redhat.com/support/errata/RHSA-2009-1116.html
cret@cert.org http://www.securityfocus.com/bid/34961 Patch
cret@cert.org http://www.securitytracker.com/id?1022231
cret@cert.org http://www.ubuntu.com/usn/usn-790-1
cret@cert.org http://www.us-cert.gov/cas/techalerts/TA10-103B.html US Government Resource
cret@cert.org http://www.vupen.com/english/advisories/2009/1313
cret@cert.org http://www.vupen.com/english/advisories/2009/2012
cret@cert.org https://exchange.xforce.ibmcloud.com/vulnerabilities/50554
cret@cert.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687
cret@cert.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz Patch
af854a3a-2127-422b-91ae-364da2661108 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/54514
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/54515
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35094
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35097
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35102
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35206
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35239
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35321
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35416
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35497
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35746
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/39428
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200907-09.xml
af854a3a-2127-422b-91ae-364da2661108 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1
af854a3a-2127-422b-91ae-364da2661108 http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108 http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm
af854a3a-2127-422b-91ae-364da2661108 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2009/dsa-1807
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/238019 Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:113
af854a3a-2127-422b-91ae-364da2661108 http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2009-1116.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/34961 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1022231
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-790-1
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA10-103B.html US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/1313
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/2012
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/50554
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136
Impacted products
Vendor Product Version
carnegie_mellon_university cyrus-sasl *
carnegie_mellon_university cyrus-sasl 1.4.1
carnegie_mellon_university cyrus-sasl 1.5.0
carnegie_mellon_university cyrus-sasl 1.5.2
carnegie_mellon_university cyrus-sasl 1.5.3
carnegie_mellon_university cyrus-sasl 1.5.5
carnegie_mellon_university cyrus-sasl 1.5.10
carnegie_mellon_university cyrus-sasl 1.5.11
carnegie_mellon_university cyrus-sasl 1.5.13
carnegie_mellon_university cyrus-sasl 1.5.15
carnegie_mellon_university cyrus-sasl 1.5.16
carnegie_mellon_university cyrus-sasl 1.5.20
carnegie_mellon_university cyrus-sasl 1.5.21
carnegie_mellon_university cyrus-sasl 1.5.22
carnegie_mellon_university cyrus-sasl 1.5.23
carnegie_mellon_university cyrus-sasl 1.5.24
carnegie_mellon_university cyrus-sasl 1.5.26
carnegie_mellon_university cyrus-sasl 1.5.27
carnegie_mellon_university cyrus-sasl 1.5.28
carnegie_mellon_university cyrus-sasl 2.0.0
carnegie_mellon_university cyrus-sasl 2.0.1
carnegie_mellon_university cyrus-sasl 2.0.2
carnegie_mellon_university cyrus-sasl 2.0.3
carnegie_mellon_university cyrus-sasl 2.0.4
carnegie_mellon_university cyrus-sasl 2.0.5
carnegie_mellon_university cyrus-sasl 2.1.0
carnegie_mellon_university cyrus-sasl 2.1.1
carnegie_mellon_university cyrus-sasl 2.1.2
carnegie_mellon_university cyrus-sasl 2.1.3
carnegie_mellon_university cyrus-sasl 2.1.5
carnegie_mellon_university cyrus-sasl 2.1.6
carnegie_mellon_university cyrus-sasl 2.1.7
carnegie_mellon_university cyrus-sasl 2.1.8
carnegie_mellon_university cyrus-sasl 2.1.9
carnegie_mellon_university cyrus-sasl 2.1.10
carnegie_mellon_university cyrus-sasl 2.1.11
carnegie_mellon_university cyrus-sasl 2.1.12
carnegie_mellon_university cyrus-sasl 2.1.13
carnegie_mellon_university cyrus-sasl 2.1.14
carnegie_mellon_university cyrus-sasl 2.1.15
carnegie_mellon_university cyrus-sasl 2.1.16
carnegie_mellon_university cyrus-sasl 2.1.17
carnegie_mellon_university cyrus-sasl 2.1.18
carnegie_mellon_university cyrus-sasl 2.1.19
carnegie_mellon_university cyrus-sasl 2.1.20
carnegie_mellon_university cyrus-sasl 2.1.21



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE960939-A4EB-48EF-AF34-55594AE7DC77",
              "versionEndIncluding": "2.1.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BEB28E-8CB4-40D1-8C1C-C9176FF85375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC6C6AED-7F54-4833-AD7A-DBA943D556CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2480238-1543-41F8-8AE8-8B39C435909F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3AD0B1-CA87-4781-859D-817AC36C0E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3420B0EC-C2B5-4391-994D-A379A84375D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C792FC66-0903-4339-9594-286E22A332B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFFC1662-FC2F-4F0C-9F54-A593D2272728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9163D050-653D-4E19-8650-C63AAE756A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1355304-ECEB-465C-B4E4-61F280B93083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "838325C9-9F9F-438C-A3A7-E88C29D0D508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64D37E3-5068-4773-A0E4-DF48CB1B5988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B91E81-E4DF-402D-AFC9-106F8E7BE280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C8037E-E7C5-41F2-8200-6BCF1F4231AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "729258B3-E537-4B7D-8C4D-2257B86C746C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2651BC-04DB-4807-95FC-E4DD48A504F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE4D1B8-61E1-4862-B014-C3B4306643F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "340A8945-CDC4-4C27-829A-526E7ABE8AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8322F46-565E-4FBE-B42B-A369DB971954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE6F481C-5209-499F-94CC-D552961AC4F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2103985B-3283-4A60-B8E1-54E3243E0CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33BCA1DC-E392-4BAB-B988-D4EAC2D0762D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FCE614-FC84-4533-B40B-F71B4CA9259A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E1FB96F-9A6E-4CAB-8D1D-3B980B1BE125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "33A6FD48-AB9B-49E9-8987-7791E0CB8CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "041EE0B5-4125-4A93-B91B-DD6A49C34FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "747F34DD-5645-46D1-A256-CFBC5A399B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A81A7CD5-5E03-45BA-9F49-E2A6AEB7C353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB9648A-2393-41D8-8B2E-72A6E1B3FB68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "220421BF-64E7-4014-9143-5699FDF41024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5948936A-076E-48B7-ACE0-C53067780AF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "237344AF-AE16-40EF-AECE-F7659193B3E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "662552C9-0BE5-42DF-81BA-DE0DDF72F76D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8E226EA-AD15-4DB9-9599-F7A91FDA879F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A09BFB5-E2B0-43EE-AA80-EE2E58A188AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E838CB52-C13A-45C6-9B21-87A3D8701F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B99BDFC9-2002-4C2A-A3ED-C4FB49A77C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E18DC9D-A315-4A26-816D-86F90E198660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF41DE28-AD62-4591-8541-0CA3D0397F3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F32C986-EAF2-45A1-8DCE-222F422FC3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "22094743-3B1A-42CD-B30C-B4E986C0F511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BF7D594-6111-435A-8689-F5B23CB0457B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "413902AD-3EFE-480E-B8EC-C6F28AF84C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "A181DAC2-112F-4C6A-8292-7526DD592A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF8F6313-9CC5-4685-8E26-BD7CF8CBFDE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "923C3D5B-A676-40C2-B8BC-C25A1B5FC1E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en la librer\u00eda CMU Cyrus SASL versiones anteriores a v2.1.23 puede permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de cadenas que son utilizadas como entradas en la funci\u00f3n sasl_encode64 en lib/saslutil.c."
    }
  ],
  "id": "CVE-2009-0688",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-15T15:30:00.187",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"
    },
    {
      "source": "cret@cert.org",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://osvdb.org/54514"
    },
    {
      "source": "cret@cert.org",
      "url": "http://osvdb.org/54515"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/35094"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/35097"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/35102"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/35206"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/35239"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/35321"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/35497"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/35746"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/39428"
    },
    {
      "source": "cret@cert.org",
      "url": "http://security.gentoo.org/glsa/glsa-200907-09.xml"
    },
    {
      "source": "cret@cert.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.448834"
    },
    {
      "source": "cret@cert.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"
    },
    {
      "source": "cret@cert.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"
    },
    {
      "source": "cret@cert.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"
    },
    {
      "source": "cret@cert.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"
    },
    {
      "source": "cret@cert.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"
    },
    {
      "source": "cret@cert.org",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "cret@cert.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"
    },
    {
      "source": "cret@cert.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.debian.org/security/2009/dsa-1807"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/238019"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1116.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34961"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securitytracker.com/id?1022231"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.ubuntu.com/usn/usn-790-1"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2009/1313"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2009/2012"
    },
    {
      "source": "cret@cert.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"
    },
    {
      "source": "cret@cert.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"
    },
    {
      "source": "cret@cert.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200907-09.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.448834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/238019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1116.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-790-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vendorComments": [
    {
      "comment": "The upstream fix for this issue is not backwards compatible and introduces an ABI change not allowed in Red Hat Enterprise Linux.  Therefore, there is no plan to address this problem directly in cyrus-sasl packages.\n\nAll applications shipped in Red Hat Enterprise Linux and using affected sasl_encode64() function were investigated and patched if their use of the function could have security consequences.  See following bug report for further details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0688#c20",
      "lastModified": "2009-06-19T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

