SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#238019

Cyrus SASL library buffer overflow vulnerability

Overview

The Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash.

I. Description

SASL (Simple Authentication and Security Layer) is a method for adding authentication support to various protocols. SASL is commonly used by mail servers to request authentication from clients and by clients to authenticate to servers.

The sasl_encode64() function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the sasl_encode64() function.

II. Impact

A remote attacker might be able to execute code, or cause any programs relying on SASL to crash or be unavailable.

III. Solution

Upgrade

Cyrus SASL 2.1.23 has been released to address this issue. Before releasing fixed binaries, maintainers are encouraged to review the Cyrus vendor statement associated with this note.

Systems Affected

VendorStatusDate NotifiedDate Updated
Apple Inc.Vulnerable2009-08-26
Conectiva Inc.Unknown2009-04-282009-04-28
Cray Inc.Unknown2009-04-282009-04-28
Cyrus-IMAPVulnerable2009-05-13
Debian GNU/LinuxUnknown2009-04-282009-04-28
Engarde Secure LinuxUnknown2009-04-282009-04-28
Fedora ProjectUnknown2009-04-282009-04-28
Gentoo LinuxVulnerable2009-04-282009-05-20
Hewlett-Packard CompanyUnknown2009-04-282009-04-28
IBM Corporation (zseries)Unknown2009-04-282009-04-28
IBM eServerUnknown2009-04-282009-04-28
Ingrian Networks, Inc.Unknown2009-04-282009-04-28
Juniper Networks, Inc.Unknown2009-05-182009-05-18
Mandriva S. A.Unknown2009-04-282009-04-28
MontaVista Software, Inc.Unknown2009-04-282009-04-28
Novell, Inc.Unknown2009-04-282009-04-28
Openwall GNU/*/LinuxUnknown2009-04-282009-04-28
Red Hat, Inc.Vulnerable2009-04-282009-05-14
SafeNetNot Vulnerable2009-05-132009-06-15
Slackware Linux Inc.Unknown2009-04-282009-04-28
Sun Microsystems, Inc.Vulnerable2009-04-282009-05-14
SUSE LinuxUnknown2009-04-282009-04-28
The SCO GroupVulnerable2009-04-282009-05-15
TurbolinuxUnknown2009-04-282009-04-28
UbuntuUnknown2009-04-282009-04-28

References


ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz
http://xorl.wordpress.com/2009/05/18/cve-2009-0688-cmu-cyrus-sasl-off-by-one-overflow/
http://en.wikipedia.org/w/index.php?title=Base64&oldid=285664115

Credit

Thanks to James Ralston for reporting this issue and providing technical information.

This document was written by Ryan Giobbi.

Other Information

Date Public:2009-04-08
Date First Published:2009-05-14
Date Last Updated:2009-08-26
CERT Advisory: 
CVE-ID(s):CVE-2009-0688
NVD-ID(s):CVE-2009-0688
US-CERT Technical Alerts: 
Metric:4.04
Document Revision:24

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader