AL-2009.0040 -- [UNIX/Linux] -- Cyrus SASL: Execute Arbitrary Code
Date: 15 May 2009
References: ESB-2009.0474, ESB-2009.0519, ESB-2009.0585, ESB-2009.1095, ESB-2010.0282
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT ALERT

                AL-2009.0040 -- AUSCERT ALERT
       [UNIX/Linux] Cyrus SASL: Execute Arbitrary Code
                              15 May 2009

===========================================================================

        AusCERT Alert Summary
        ---------------------

Product:            Cyrus SASL
Publisher:          US-CERT
Operating System:   UNIX variants (UNIX, Linux, OSX)
Impact:             Execute Arbitrary Code/Commands
                    Denial of Service
Access:             Remote/Unauthenticated
CVE Names:          CVE-2009-0688

Original Bulletin:
  http://www.kb.cert.org/vuls/id/238019

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#238019
Cyrus SASL library buffer overflow vulnerability

Overview

The Cyrus SASL library contains a buffer overflow vulnerability that could
allow an attacker to execute code or cause a vulnerable program to crash.

I. Description

SASL (Simple Authentication and Security Layer) is a method for adding
authentication support to various protocols. SASL is commonly used by mail
servers to request authentication from clients and by clients to
authenticate to servers.

The sasl_encode64() function converts a string into base64. The Cyrus SASL
library contains buffer overflows that occur because of unsafe use of the
sasl_encode64() function.

II. Impact

A remote attacker might be able to execute code, or cause any programs
relying on SASL to crash or be unavailable.

III. Solution

Upgrade

Cyrus SASL 2.1.23 has been released to address this issue. Before releasing
fixed binaries, maintainers are encouraged to review the Cyrus vendor
statement associated with this note.

Systems Affected

Vendor                        Status       Date Notified   Date Updated
Conectiva Inc.                Unknown      2009-04-28      2009-04-28
Cray Inc.                     Unknown      2009-04-28      2009-04-28
Cyrus-IMAP                    Vulnerable                   2009-05-13
Debian GNU/Linux              Unknown      2009-04-28      2009-04-28
Engarde Secure Linux          Unknown      2009-04-28      2009-04-28
Fedora Project                Unknown      2009-04-28      2009-04-28
Gentoo Linux                  Unknown      2009-04-28      2009-04-28
Hewlett-Packard Company       Unknown      2009-04-28      2009-04-28
IBM Corporation (zseries)     Unknown      2009-04-28      2009-04-28
IBM eServer                   Unknown      2009-04-28      2009-04-28
Ingrian Networks, Inc.        Unknown      2009-04-28      2009-04-28
Mandriva S. A.                Unknown      2009-04-28      2009-04-28
MontaVista Software, Inc.     Unknown      2009-04-28      2009-04-28
Novell, Inc.                  Unknown      2009-04-28      2009-04-28
Openwall GNU/*/Linux          Unknown      2009-04-28      2009-04-28
Red Hat, Inc.                 Vulnerable   2009-04-28      2009-05-14
SafeNet                       Unknown      2009-05-13      2009-05-13
Slackware Linux Inc.          Unknown      2009-04-28      2009-04-28
Sun Microsystems, Inc.        Vulnerable   2009-04-28      2009-05-14
SUSE Linux                    Unknown      2009-04-28      2009-04-28
The SCO Group                 Unknown      2009-04-28      2009-04-28
Turbolinux                    Unknown      2009-04-28      2009-04-28
Ubuntu                        Unknown      2009-04-28      2009-04-28

References

ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz
http://en.wikipedia.org/w/index.php?title=Base64&oldid=285664115

Credit

Thanks to James Ralston for reporting this issue and providing technical
information.

This document was written by Ryan Giobbi.

Other Information

Date Public:               2009-04-08
Date First Published:      2009-05-14
Date Last Updated:         2009-05-14
CERT Advisory:
CVE-ID(s):                 CVE-2009-0688
NVD-ID(s):                 CVE-2009-0688
US-CERT Technical Alerts:
Metric:                    4.04
Document Revision:         21

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National
IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFKDPy2NVH5XJJInbgRAqGKAJ9haIj1MrlsTdzj+yNRFO4+xJ85PACdFSgR
QNqeRLoL+Pb1m9/RaKXyKGc=
=RZ3L
-----END PGP SIGNATURE-----
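The Description section above says only that the overflows arise from unsafe use of sasl_encode64(), which base64-encodes a string, and gives no further detail about which callers or which sizing mistake is involved. The following C example is added here as an illustration of that general class of defect; it is not Cyrus SASL code and does not claim to reproduce the CVE-2009-0688 bug. It shows an encoder with a sasl_encode64-style parameter list (input, input length, output buffer, buffer capacity, output length) that computes the space a base64 encoding needs (4 output characters per 3 input bytes, rounded up, plus a terminating NUL) and refuses to write into a buffer that cannot hold it, next to a caller that sizes its buffer with the common shortcut inlen * 4 / 3. The names b64_needed, safe_encode64, encode_into_undersized and encodes_to, and the B64_* return codes, are assumptions made for this example; the sample inputs are the RFC 4648 base64 test vectors.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return codes: names and values are assumptions for this example,
   loosely following the SASL_OK / SASL_BUFOVER convention. */
enum { B64_OK = 0, B64_BUFOVER = -1, B64_BADPARAM = -2 };

static const char b64tab[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Bytes a caller must provide for the base64 form of inlen bytes:
   4 output characters per 3 input bytes, rounded up, plus the NUL terminator. */
size_t b64_needed(size_t inlen)
{
    return ((inlen + 2) / 3) * 4 + 1;
}

/* Bounds-checked encoder with a sasl_encode64-style parameter list
   (in, inlen, out, outmax, outlen). It writes nothing unless the caller's
   buffer holds the whole encoding and the terminator. */
int safe_encode64(const unsigned char *in, size_t inlen,
                  char *out, size_t outmax, size_t *outlen)
{
    size_t i = 0, o = 0;

    if (out == NULL || (in == NULL && inlen != 0))
        return B64_BADPARAM;
    if (outmax < b64_needed(inlen))      /* the check that prevents the overflow */
        return B64_BUFOVER;

    for (; i + 3 <= inlen; i += 3) {     /* full 3-byte groups */
        uint32_t v = ((uint32_t)in[i] << 16) | ((uint32_t)in[i + 1] << 8) | in[i + 2];
        out[o++] = b64tab[(v >> 18) & 63];
        out[o++] = b64tab[(v >> 12) & 63];
        out[o++] = b64tab[(v >> 6) & 63];
        out[o++] = b64tab[v & 63];
    }
    if (inlen - i == 1) {                /* one trailing byte -> two pad chars */
        uint32_t v = (uint32_t)in[i] << 16;
        out[o++] = b64tab[(v >> 18) & 63];
        out[o++] = b64tab[(v >> 12) & 63];
        out[o++] = '=';
        out[o++] = '=';
    } else if (inlen - i == 2) {         /* two trailing bytes -> one pad char */
        uint32_t v = ((uint32_t)in[i] << 16) | ((uint32_t)in[i + 1] << 8);
        out[o++] = b64tab[(v >> 18) & 63];
        out[o++] = b64tab[(v >> 12) & 63];
        out[o++] = b64tab[(v >> 6) & 63];
        out[o++] = '=';
    }
    out[o] = '\0';                       /* o == b64_needed(inlen) - 1, so in bounds */
    if (outlen)
        *outlen = o;
    return B64_OK;
}

/* Unsafe caller pattern: the output buffer is sized by the shortcut
   inlen * 4 / 3, which neither rounds up to a whole group nor reserves the
   NUL. With the checked encoder the mistake surfaces as B64_BUFOVER instead
   of a write past the end of buf. */
int encode_into_undersized(const unsigned char *in, size_t inlen)
{
    char buf[64];
    size_t claimed = inlen * 4 / 3;
    if (claimed > sizeof buf)
        claimed = sizeof buf;
    return safe_encode64(in, inlen, buf, claimed, NULL);
}

/* Correct caller pattern: the buffer is sized from b64_needed(). Returns 1
   when the encoding of the C string `in` equals `expected`, else 0. */
int encodes_to(const char *in, const char *expected)
{
    char buf[128];
    size_t n = 0;
    size_t inlen = strlen(in);
    if (b64_needed(inlen) > sizeof buf)
        return 0;
    if (safe_encode64((const unsigned char *)in, inlen, buf, b64_needed(inlen), &n) != B64_OK)
        return 0;
    return n == strlen(expected) && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed inputs; expected strings are the RFC 4648 base64 test vectors. */
    printf("\"foo\" -> Zm9v : %s\n", encodes_to("foo", "Zm9v") ? "ok" : "FAIL");
    printf("\"fo\"  -> Zm8= : %s\n", encodes_to("fo", "Zm8=") ? "ok" : "FAIL");
    printf("undersized caller rejected: %s\n",
           encode_into_undersized((const unsigned char *)"foo", 3) == B64_BUFOVER ? "yes" : "no");
    return 0;
}
```

The point for reviewers of code that wraps any base64 routine is the pairing of b64_needed() with the capacity check inside the encoder: a caller that computes the size itself is one refactor away from an off-by-a-few-bytes heap or stack write, whereas an encoder that rejects short buffers turns the same mistake into a recoverable error code.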