FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0688

This CVE name corresponds to:

Entered Topic
2009-05-15 cyrus-sasl -- buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-0688
Phase Assigned (20090222)

Description

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

References

Source Reference
CONFIRM ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091
CONFIRM http://support.apple.com/kb/HT4077
CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
APPLE APPLE-SA-2010-03-29-1
DEBIAN DSA-1807
GENTOO GLSA-200907-09
MANDRIVA MDVSA-2009:113
REDHAT RHSA-2009:1116
SLACKWARE SSA:2009-134-01
SUNALERT 259148
SUNALERT 264248
SUNALERT 273910
SUNALERT 1020755
SUNALERT 1021699
SUSE SUSE-SR:2009:011
UBUNTU USN-790-1
CERT TA10-103B
CERT-VN VU#238019
BID 34961
OSVDB 54514
OSVDB 54515
OVAL oval:org.mitre.oval:def:10687
OVAL oval:org.mitre.oval:def:6136
SECTRACK 1022231
SECUNIA 35094
SECUNIA 35097
SECUNIA 35102
SECUNIA 35206
SECUNIA 35239
SECUNIA 35321
SECUNIA 35416
SECUNIA 35497
SECUNIA 35746
SECUNIA 39428
VUPEN ADV-2009-1313
VUPEN ADV-2009-2012
XF solaris-sasl-saslencode64-bo(50554)