CVE - CVE-2009-0688

CVE-ID
CVE-2009-0688	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2010-03-29-1 URL:http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BID:34961 URL:http://www.securityfocus.com/bid/34961 CERT:TA10-103B URL:http://www.us-cert.gov/cas/techalerts/TA10-103B.html CERT-VN:VU#238019 URL:http://www.kb.cert.org/vuls/id/238019 CONFIRM:ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz CONFIRM:http://support.apple.com/kb/HT4077 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html DEBIAN:DSA-1807 URL:http://www.debian.org/security/2009/dsa-1807 GENTOO:GLSA-200907-09 URL:http://security.gentoo.org/glsa/glsa-200907-09.xml MANDRIVA:MDVSA-2009:113 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:113~~ (Obsolete source) OSVDB:54514 URL:~~http://osvdb.org/54514~~ (Obsolete source) OSVDB:54515 URL:~~http://osvdb.org/54515~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10687 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687 OVAL:oval:org.mitre.oval:def:6136 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136 REDHAT:RHSA-2009:1116 URL:http://www.redhat.com/support/errata/RHSA-2009-1116.html SECTRACK:1022231 URL:http://www.securitytracker.com/id?1022231 SECUNIA:35094 URL:http://secunia.com/advisories/35094 SECUNIA:35097 URL:http://secunia.com/advisories/35097 SECUNIA:35102 URL:http://secunia.com/advisories/35102 SECUNIA:35206 URL:http://secunia.com/advisories/35206 SECUNIA:35239 URL:http://secunia.com/advisories/35239 SECUNIA:35321 URL:http://secunia.com/advisories/35321 SECUNIA:35416 URL:http://secunia.com/advisories/35416 SECUNIA:35497 URL:http://secunia.com/advisories/35497 SECUNIA:35746 URL:http://secunia.com/advisories/35746 SECUNIA:39428 URL:http://secunia.com/advisories/39428 SLACKWARE:SSA:2009-134-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834 SUNALERT:1020755 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1~~ (Obsolete source) SUNALERT:1021699 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1~~ (Obsolete source) SUNALERT:259148 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1~~ (Obsolete source) SUNALERT:264248 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1~~ (Obsolete source) SUNALERT:273910 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1~~ (Obsolete source) SUSE:SUSE-SR:2009:011 URL:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html UBUNTU:USN-790-1 URL:http://www.ubuntu.com/usn/usn-790-1 VUPEN:ADV-2009-1313 URL:~~http://www.vupen.com/english/advisories/2009/1313~~ (Obsolete source) VUPEN:ADV-2009-2012 URL:~~http://www.vupen.com/english/advisories/2009/2012~~ (Obsolete source) XF:solaris-sasl-saslencode64-bo(50554) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/50554
Assigning CNA
CERT/CC
Date Record Created
20090222	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090222)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)