oval:org.secpod.oval:def:700401
James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely. If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service.

oval:org.secpod.oval:def:202073
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. It was discovered that the Cyrus SASL library does not always reliably terminate output from the sasl_encode64 function used by programs using this library. The Cyrus IMAP server relied on thi ...

oval:org.secpod.oval:def:202016
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. It was discovered that the Cyrus SASL library does not always reliably terminate output from the sasl_encode64 function used by programs using this library. The Cyrus IMAP server relied on thi ...

oval:org.secpod.oval:def:600407
James Ralston discovered that the sasl_encode64 function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the s ...

oval:org.secpod.oval:def:3878
The host is installed with Apple Mac OS X 10.5.8 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle strings that are used as input to the sasl_encode64 function in lib/saslutil.c. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:300856
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash (CVE-2009-0688)

oval:org.secpod.oval:def:300463
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash (CVE-2009-0688)

oval:org.mitre.oval:def:8333
James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the ...

oval:org.secpod.oval:def:500606
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. It was discovered that the Cyrus SASL library does not always reliably terminate output from the sasl_encode64 function used by programs using this library. The Cyrus IMAP server relied on thi ...

oval:org.secpod.oval:def:3869
The host is missing an important security update according to Apple advisory, APPLE-SA-2010-03-29-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly sanitize user supplied input. Successful exploitation could allow attackers t ...