PT-2009-1022 · Cmu+1 · Cyrus-Sasl+2

James Ralston

Published

2009-05-15

Updated

2017-09-29

CVE-2009-0688

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions cyrus-sasl versions prior to 2.1.23 sasl2-bin (affected versions not specified)

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely, potentially leading to the execution of arbitrary code or a denial of service. The vulnerability is related to multiple buffer overflows in the CMU Cyrus SASL library, specifically in the sasl encode64 function in lib/saslutil.c, which can be triggered by input strings.

Recommendations For cyrus-sasl versions prior to 2.1.23, update to version 2.1.23 or later to resolve the issue. For sasl2-bin, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2015-03038

BDU:2015-09383

CVE-2009-0688

DSA-1807-1

DTSA-200-1

DTSA-201-1

OPENSUSE-SU-2024:10403-1

RHSA-2009:1116

RHSA-2009_1116

Affected Products

Red Hat

Cyrus-Sasl

Sasl2-Bin

PT-2009-1022 · Cmu+1 · Cyrus-Sasl+2

CVE-2009-0688

Weakness Enumeration

Related Identifiers

Affected Products

References · 49