Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2009-0688

Published: 15/05/2009 Updated: 29/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Cyrus-sasl

Vulnerability Summary

Multiple buffer overflows in the CMU Cyrus SASL library prior to 2.1.23 might allow remote malicious users to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

Vulnerable Product Search on Vulmon Subscribe to Product

carnegie mellon university cyrus-sasl 2.1.19

carnegie mellon university cyrus-sasl

carnegie mellon university cyrus-sasl 1.5.24

carnegie mellon university cyrus-sasl 1.5.15

carnegie mellon university cyrus-sasl 1.5.16

carnegie mellon university cyrus-sasl 1.5.27

carnegie mellon university cyrus-sasl 1.5.3

carnegie mellon university cyrus-sasl 2.0.5

carnegie mellon university cyrus-sasl 2.1.0

carnegie mellon university cyrus-sasl 2.1.1

carnegie mellon university cyrus-sasl 2.1.16

carnegie mellon university cyrus-sasl 2.1.21

carnegie mellon university cyrus-sasl 2.1.20

carnegie mellon university cyrus-sasl 1.5.11

carnegie mellon university cyrus-sasl 1.5.13

carnegie mellon university cyrus-sasl 1.5.23

carnegie mellon university cyrus-sasl 1.5.26

carnegie mellon university cyrus-sasl 2.0.3

carnegie mellon university cyrus-sasl 2.0.4

carnegie mellon university cyrus-sasl 2.1.14

carnegie mellon university cyrus-sasl 2.1.15

carnegie mellon university cyrus-sasl 2.1.6

carnegie mellon university cyrus-sasl 2.1.7

carnegie mellon university cyrus-sasl 1.5.0

carnegie mellon university cyrus-sasl 1.5.10

carnegie mellon university cyrus-sasl 1.5.21

carnegie mellon university cyrus-sasl 1.5.22

carnegie mellon university cyrus-sasl 2.0.1

carnegie mellon university cyrus-sasl 2.0.2

carnegie mellon university cyrus-sasl 2.1.12

carnegie mellon university cyrus-sasl 2.1.13

carnegie mellon university cyrus-sasl 2.1.3

carnegie mellon university cyrus-sasl 2.1.5

carnegie mellon university cyrus-sasl 2.1.17

carnegie mellon university cyrus-sasl 2.1.8

carnegie mellon university cyrus-sasl 2.1.9

carnegie mellon university cyrus-sasl 1.5.28

carnegie mellon university cyrus-sasl 1.4.1

carnegie mellon university cyrus-sasl 1.5.2

carnegie mellon university cyrus-sasl 1.5.20

carnegie mellon university cyrus-sasl 1.5.5

carnegie mellon university cyrus-sasl 2.0.0

carnegie mellon university cyrus-sasl 2.1.10

carnegie mellon university cyrus-sasl 2.1.11

carnegie mellon university cyrus-sasl 2.1.18

carnegie mellon university cyrus-sasl 2.1.2

Vendor Advisories

Red Hat: Important: cyrus-imapd security update
Synopsis Important: cyrus-imapd security update Type/Severity Security Advisory: Important Topic Updated cyrus-imapd packages that fix a security issue are now availablefor Red Hat Enterprise Linux 4 and 5This update has been rated as having important security impact by the RedHat Security Response Team ...
Debian CVElist Bug Report Logs: Cyrus SASL library buffer overflow vulnerability
Debian Bug report logs - #528749 Cyrus SASL library buffer overflow vulnerability Package: cyrus-sasl2; Maintainer for cyrus-sasl2 is Debian Cyrus Team <team+cyrus@trackerdebianorg>; Reported by: "Thijs Kinkhorst" <thijs@debianorg> Date: Fri, 15 May 2009 08:54:05 UTC Severity: serious Tags: security Found in vers ...
Ubuntu Security Notice: cyrus-sasl2 vulnerability
James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service ...
Debian Security Advisories: DSA-1807-1 cyrus-sasl2, cyrus-sasl2-heimdal -- buffer overflow
James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated which can lead to de ...

References

CWE-119http://www.kb.cert.org/vuls/id/238019ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gzhttp://www.securityfocus.com/bid/34961http://secunia.com/advisories/35102http://www.mandriva.com/security/advisories?name=MDVSA-2009:113http://osvdb.org/54515http://www.vupen.com/english/advisories/2009/1313http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834http://osvdb.org/54514http://www.securitytracker.com/id?1022231http://secunia.com/advisories/35097http://secunia.com/advisories/35094http://support.avaya.com/elmodocs2/security/ASA-2009-184.htmhttp://secunia.com/advisories/35206http://secunia.com/advisories/35321http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091http://secunia.com/advisories/35239http://www.debian.org/security/2009/dsa-1807http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlhttp://secunia.com/advisories/35416http://secunia.com/advisories/35497http://www.redhat.com/support/errata/RHSA-2009-1116.htmlhttp://www.ubuntu.com/usn/usn-790-1http://secunia.com/advisories/35746http://security.gentoo.org/glsa/glsa-200907-09.xmlhttp://www.vupen.com/english/advisories/2009/2012http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://support.apple.com/kb/HT4077http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1http://secunia.com/advisories/39428http://www.us-cert.gov/cas/techalerts/TA10-103B.htmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/50554https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687https://access.redhat.com/errata/RHSA-2009:1116https://usn.ubuntu.com/790-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/238019
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook