This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Carnegie Mellon University
First view: 2009-05-15
Product: Cyrus-Sasl
Last view: 2009-05-15
Version: 2.1.21
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:carnegie_mellon_university:cyrus-sasl

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2009-05-15 CVE-2009-0688

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
54515 Solaris libsasl(3LIB) sasl_encode64() Function Overflow
54514 Cyrus SASL lib/saslutil.c sasl_encode64() Function Overflow

OpenVAS Exploits

id Description
2011-08-09 Name : CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
File : nvt/gb_CESA-2009_1116_cyrus-imapd_centos5_i386.nasl
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:113-1 (cyrus-sasl)
File : nvt/mdksa_2009_113_1.nasl
2009-10-13 Name : Solaris Update for libsasl.so.1 141930-01
File : nvt/gb_solaris_141930_01.nasl
2009-10-13 Name : Solaris Update for libsasl.so.1 141931-01
File : nvt/gb_solaris_141931_01.nasl
2009-10-13 Name : SLES10: Security update for cyrus-sasl
File : nvt/sles10_cyrus-sasl.nasl
2009-10-11 Name : SLES11: Security update for cyrus-sasl
File : nvt/sles11_cyrus-sasl.nasl
2009-10-10 Name : SLES9: Security update for cyrus-sasl
File : nvt/sles9p5050660.nasl
2009-07-29 Name : Gentoo Security Advisory GLSA 200907-09 (cyrus-sasl)
File : nvt/glsa_200907_09.nasl
2009-06-30 Name : Ubuntu USN-790-1 (cyrus-sasl2)
File : nvt/ubuntu_790_1.nasl
2009-06-30 Name : Ubuntu USN-789-1 (gst-plugins-good0.10)
File : nvt/ubuntu_789_1.nasl
2009-06-23 Name : CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
File : nvt/ovcesa2009_1116.nasl
2009-06-23 Name : RedHat Security Advisory RHSA-2009:1116
File : nvt/RHSA_2009_1116.nasl
2009-06-15 Name : SuSE Security Summary SUSE-SR:2009:011
File : nvt/suse_sr_2009_011.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:113 (cyrus-sasl)
File : nvt/mdksa_2009_113.nasl
2009-06-05 Name : Ubuntu USN-776-2 (kvm)
File : nvt/ubuntu_776_2.nasl
2009-06-05 Name : Debian Security Advisory DSA 1807-1 (cyrus-sasl2, cyrus-sasl2-heimdal)
File : nvt/deb_1807_1.nasl
2009-05-28 Name : Cyrus SASL Remote Buffer Overflow Vulnerability
File : nvt/secpod_cyrus_sasllib_mul_bof_vuln.nasl
2009-05-20 Name : FreeBSD Ports: cyrus-sasl
File : nvt/freebsd_cyrus-sasl2.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-134-01 cyrus-sasl
File : nvt/esoft_slk_ssa_2009_134_01.nasl

Nessus® Vulnerability Scanner

id Description
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-1116.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20090618_cyrus_imapd_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2010-03-29 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_SecUpd2010-002.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2009-1116.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_cyrus-sasl-6250.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_cyrus-sasl-090514.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12419.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_cyrus-sasl-090514.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_cyrus-sasl-090514.nasl - Type: ACT_GATHER_INFO
2009-07-13 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200907-09.nasl - Type: ACT_GATHER_INFO
2009-06-25 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-790-1.nasl - Type: ACT_GATHER_INFO
2009-06-19 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2009-1116.nasl - Type: ACT_GATHER_INFO
2009-06-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1807.nasl - Type: ACT_GATHER_INFO
2009-05-28 Name: The remote openSUSE host is missing a security update.
File: suse_cyrus-sasl-6249.nasl - Type: ACT_GATHER_INFO
2009-05-19 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2009-113.nasl - Type: ACT_GATHER_INFO
2009-05-15 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_14ab174c40ef11de9fd5001bd3385381.nasl - Type: ACT_GATHER_INFO
2009-05-15 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2009-134-01.nasl - Type: ACT_GATHER_INFO