The Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash.
SASL (Simple Authentication and Security Layer) is a method for adding authentication support to various protocols. SASL is commonly used by mail servers to request authentication from clients and by clients to authenticate to servers.
The sasl_encode64() function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the sasl_encode64() function.
A remote attacker might be able to execute code, or cause any programs relying on SASL to crash or be unavailable.
Apple Inc. Affected
Gentoo Linux Affected
Red Hat, Inc. Affected
Sun Microsystems, Inc. Affected
The SCO Group Affected
SafeNet Not Affected
Conectiva Inc. Unknown
Cray Inc. Unknown
Debian GNU/Linux Unknown
Engarde Secure Linux Unknown
Fedora Project Unknown
Hewlett-Packard Company Unknown
IBM Corporation (zseries) Unknown
IBM eServer Unknown
Ingrian Networks, Inc. Unknown
Juniper Networks, Inc. Unknown
Mandriva S. A. Unknown
MontaVista Software, Inc. Unknown
Novell, Inc. Unknown
Openwall GNU/*/Linux Unknown
SUSE Linux Unknown
Slackware Linux Inc. Unknown
Thanks to James Ralston for reporting this issue and providing technical information.
This document was written by Ryan Giobbi.
|Date First Published:||2009-05-14|
|Date Last Updated:||2009-08-26 13:19 UTC|