| Vulnerability Name: | CVE-2002-1347 (CCN-10810) | ||||||||
| Assigned: | 2002-12-09 | ||||||||
| Published: | 2002-12-09 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: Carnegie Mellon University's FTP site /pub/cyrus-mail/ Source: CCN Type: BugTraq Mailing List, Mon Dec 09 2002 - 13:25:08 CST Cyrus SASL library buffer overflows Source: SUSE Type: UNKNOWN SuSE-SA:2002:048 Source: MITRE Type: CNA CVE-2002-1347 Source: CCN Type: Conectiva Linux Announcement CLSA-2002:557 cyrus-imapd Source: CONECTIVA Type: UNKNOWN 000557 Source: APPLE Type: UNKNOWN APPLE-SA-2005-03-21 Source: BUGTRAQ Type: UNKNOWN 20021209 Cyrus SASL library buffer overflows Source: CCN Type: RHSA-2002-283 Updated cyrus-sasl packages fix buffer overflows Source: CCN Type: CIAC INFORMATION BULLETIN P-156 Apple Security Update 2005-003 Source: DEBIAN Type: UNKNOWN DSA-215 Source: REDHAT Type: UNKNOWN RHSA-2002:283 Source: GENTOO Type: UNKNOWN 200212-10 Source: BID Type: UNKNOWN 6347 Source: CCN Type: BID-6347 Cyrus SASL Library Username Heap Corruption Vulnerability Source: BID Type: UNKNOWN 6348 Source: CCN Type: BID-6348 Cyrus SASL Library LDAP Heap Corruption Vulnerability Source: BID Type: UNKNOWN 6349 Source: CCN Type: BID-6349 Cyrus SASL Library Logging Memory Corruption Vulnerability Source: XF Type: UNKNOWN cyrus-sasl-username-bo(10810) Source: XF Type: UNKNOWN cyrus-sasl-username-bo(10810) Source: XF Type: UNKNOWN cyrus-sasl-saslauthd-bo(10811) Source: XF Type: UNKNOWN cyrus-sasl-logwriter-bo(10812) Source: SUSE Type: SUSE-SA:2002:048 cyrus-imapd: remote command execution | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2002-1347 (CCN-10811) | ||||||||
| Assigned: | 2002-12-09 | ||||||||
| Published: | 2002-12-09 | ||||||||
| Updated: | 2002-12-09 | ||||||||
| Summary: | Carnegie Mellon University's Cyrus-SASL library is vulnerable to a buffer overflow, caused by improper filtering of escape characters by the saslauthd daemon. By sending a username containing one or more escape characters ('*', '(', ')', '\' and '\0' ) during Lightweight Directory Access Protocol (LDAP) authentication, a local attacker could overflow a buffer and execute code on the system. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: Carnegie Mellon University's FTP site /pub/cyrus-mail/ Source: CCN Type: BugTraq Mailing List, Mon Dec 09 2002 - 13:25:08 CST Cyrus SASL library buffer overflows Source: MITRE Type: CNA CVE-2002-1347 Source: CCN Type: RHSA-2002-283 Updated cyrus-sasl packages fix buffer overflows Source: CCN Type: CIAC INFORMATION BULLETIN P-156 Apple Security Update 2005-003 Source: CCN Type: Gentoo Linux Security Announcement 200212-10 cyrus-sasl -- buffer overflows Source: CCN Type: BID-6347 Cyrus SASL Library Username Heap Corruption Vulnerability Source: CCN Type: BID-6348 Cyrus SASL Library LDAP Heap Corruption Vulnerability Source: CCN Type: BID-6349 Cyrus SASL Library Logging Memory Corruption Vulnerability Source: XF Type: UNKNOWN cyrus-sasl-saslauthd-bo(10811) Source: SUSE Type: SUSE-SA:2002:048 cyrus-imapd: remote command execution | ||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2002-1347 (CCN-10812) | ||||||||
| Assigned: | 2002-12-09 | ||||||||
| Published: | 2002-12-09 | ||||||||
| Updated: | 2002-12-09 | ||||||||
| Summary: | Carnegie Mellon University's Cyrus-SASL library is vulnerable to a buffer overflow in the log writer. The Cyrus-SASL library fails to properly handle trailing null bytes in a log message. By causing the Cyrus-SASL log writer to write data to the log containing a trailing null byte \0, a local attacker could overflow a buffer and execute code on the system. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: Carnegie Mellon University's FTP site /pub/cyrus-mail/ Source: CCN Type: BugTraq Mailing List, Mon Dec 09 2002 - 13:25:08 CST Cyrus SASL library buffer overflows Source: MITRE Type: CNA CVE-2002-1347 Source: CCN Type: RHSA-2002-283 Updated cyrus-sasl packages fix buffer overflows Source: CCN Type: CIAC INFORMATION BULLETIN P-156 Apple Security Update 2005-003 Source: CCN Type: Gentoo Linux Security Announcement 200212-10 cyrus-sasl -- buffer overflows Source: CCN Type: BID-6347 Cyrus SASL Library Username Heap Corruption Vulnerability Source: CCN Type: BID-6348 Cyrus SASL Library LDAP Heap Corruption Vulnerability Source: CCN Type: BID-6349 Cyrus SASL Library Logging Memory Corruption Vulnerability Source: XF Type: UNKNOWN cyrus-sasl-logwriter-bo(10812) Source: SUSE Type: SUSE-SA:2002:048 cyrus-imapd: remote command execution | ||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||