[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-4122Date: (C)2015-12-16   (M)2023-12-22


Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
DSA-3368
GLSA-201309-01
USN-2755-1
http://www.openwall.com/lists/oss-security/2013/07/12/3
http://www.openwall.com/lists/oss-security/2013/07/12/6
http://www.openwall.com/lists/oss-security/2013/07/13/1
http://www.openwall.com/lists/oss-security/2013/07/15/1
http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/

CPE    31
cpe:/a:gnu:glibc:2.3.6
cpe:/a:gnu:glibc:2.3.10
cpe:/a:gnu:glibc:2.2
cpe:/a:cmu:cyrus-sasl:2.1.19
...
CWE    1
CWE-189
OVAL    4
oval:org.secpod.oval:def:602239
oval:org.secpod.oval:def:1600097
oval:org.secpod.oval:def:702773
oval:org.secpod.oval:def:701447
...

© SecPod Technologies