Vulnerability CVE-2001-0869

Vulnerability Name:

CVE-2001-0869 (CCN-7443)

Assigned:

2001-11-01

Published:

2001-11-01

Updated:

2018-05-03

Summary:

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: Carnegie Mellon University FTP site
/pub/cyrus-mail/

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-02:15

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-040.0
Linux - Format String Problem in Cyrus-SASL

Source: CCN
Type: BugTraq Mailing List, Thu Nov 01 2001 - 00:55:07 CST
Formatting string bug on cyrus-sasl library

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-02:15
cyrus-sasl library contains format string vulnerability

Source: CCN
Type: Andrew Bugzilla
Bugzilla Bug 326

Source: MITRE
Type: CNA
CVE-2001-0869

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:444
sasl format string vulnerability

Source: CONECTIVA
Type: UNKNOWN
CLA-2001:444

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:018

Source: SUSE
Type: Patch, Vendor Advisory
SuSE-SA:2001:042

Source: CCN
Type: RHSA-2001-150
Updated Cyrus SASL packages available

Source: CCN
Type: RHSA-2001-151
Updated Cyrus SASL packages available

Source: CALDERA
Type: UNKNOWN
CSSA-2001-040.0

Source: CCN
Type: OSVDB ID: 5533
Cyrus SASL Library Default Login Format String

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2001:150

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2001:151

Source: BID
Type: UNKNOWN
3498

Source: CCN
Type: BID-3498
Cyrus-SASL Syslog Format String Vulnerability

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2001:042
cyrus-sasl

Source: XF
Type: UNKNOWN
cyrus-sasl-format-string(7443)

Source: XF
Type: UNKNOWN
cyrus-sasl-format-string(7443)

Vulnerable Configuration:

Configuration 1:

cpe:/a:caldera:openlinux_workstation:3.1:*:*:*:*:*:*:*

OR cpe:/a:redhat:linux_powertools:6.2:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:caldera:openlinux_eserver:3.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*