This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Carnegie Mellon University | First view | 2009-05-15 |
| Product | Cyrus-Sasl | Last view | 2009-05-15 |
| Version | 1.4.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:carnegie_mellon_university:cyrus-sasl | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2009-05-15 | CVE-2009-0688 | Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 54515 | Solaris libsasl(3LIB) sasl_encode64() Function Overflow |
| 54514 | Cyrus SASL lib/saslutil.c sasl_encode64() Function Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-08-09 | Name : CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386 File : nvt/gb_CESA-2009_1116_cyrus-imapd_centos5_i386.nasl |
| 2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:113-1 (cyrus-sasl) File : nvt/mdksa_2009_113_1.nasl |
| 2009-10-13 | Name : Solaris Update for libsasl.so.1 141930-01 File : nvt/gb_solaris_141930_01.nasl |
| 2009-10-13 | Name : Solaris Update for libsasl.so.1 141931-01 File : nvt/gb_solaris_141931_01.nasl |
| 2009-10-13 | Name : SLES10: Security update for cyrus-sasl File : nvt/sles10_cyrus-sasl.nasl |
| 2009-10-11 | Name : SLES11: Security update for cyrus-sasl File : nvt/sles11_cyrus-sasl.nasl |
| 2009-10-10 | Name : SLES9: Security update for cyrus-sasl File : nvt/sles9p5050660.nasl |
| 2009-07-29 | Name : Gentoo Security Advisory GLSA 200907-09 (cyrus-sasl) File : nvt/glsa_200907_09.nasl |
| 2009-06-30 | Name : Ubuntu USN-790-1 (cyrus-sasl2) File : nvt/ubuntu_790_1.nasl |
| 2009-06-30 | Name : Ubuntu USN-789-1 (gst-plugins-good0.10) File : nvt/ubuntu_789_1.nasl |
| 2009-06-23 | Name : CentOS Security Advisory CESA-2009:1116 (cyrus-imapd) File : nvt/ovcesa2009_1116.nasl |
| 2009-06-23 | Name : RedHat Security Advisory RHSA-2009:1116 File : nvt/RHSA_2009_1116.nasl |
| 2009-06-15 | Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl |
| 2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:113 (cyrus-sasl) File : nvt/mdksa_2009_113.nasl |
| 2009-06-05 | Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl |
| 2009-06-05 | Name : Debian Security Advisory DSA 1807-1 (cyrus-sasl2, cyrus-sasl2-heimdal) File : nvt/deb_1807_1.nasl |
| 2009-05-28 | Name : Cyrus SASL Remote Buffer Overflow Vulnerability File : nvt/secpod_cyrus_sasllib_mul_bof_vuln.nasl |
| 2009-05-20 | Name : FreeBSD Ports: cyrus-sasl File : nvt/freebsd_cyrus-sasl2.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-134-01 cyrus-sasl File : nvt/esoft_slk_ssa_2009_134_01.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-1116.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090618_cyrus_imapd_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
| 2010-03-29 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_SecUpd2010-002.nasl - Type: ACT_GATHER_INFO |
| 2010-01-06 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2009-1116.nasl - Type: ACT_GATHER_INFO |
| 2009-09-24 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_cyrus-sasl-6250.nasl - Type: ACT_GATHER_INFO |
| 2009-09-24 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_cyrus-sasl-090514.nasl - Type: ACT_GATHER_INFO |
| 2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12419.nasl - Type: ACT_GATHER_INFO |
| 2009-07-21 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_cyrus-sasl-090514.nasl - Type: ACT_GATHER_INFO |
| 2009-07-21 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_cyrus-sasl-090514.nasl - Type: ACT_GATHER_INFO |
| 2009-07-13 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200907-09.nasl - Type: ACT_GATHER_INFO |
| 2009-06-25 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-790-1.nasl - Type: ACT_GATHER_INFO |
| 2009-06-19 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2009-1116.nasl - Type: ACT_GATHER_INFO |
| 2009-06-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1807.nasl - Type: ACT_GATHER_INFO |
| 2009-05-28 | Name: The remote openSUSE host is missing a security update. File: suse_cyrus-sasl-6249.nasl - Type: ACT_GATHER_INFO |
| 2009-05-19 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2009-113.nasl - Type: ACT_GATHER_INFO |
| 2009-05-15 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_14ab174c40ef11de9fd5001bd3385381.nasl - Type: ACT_GATHER_INFO |
| 2009-05-15 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2009-134-01.nasl - Type: ACT_GATHER_INFO |
