DSA-5087-1 cyrus-sasl2 -- cyrus-sasl2ID: oval:org.secpod.oval:def:606108 | Date: (C)2022-03-08 (M)2023-01-09 |
Class: PATCH | Family: unix |
It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage of this flaw to execute arbitrary SQL commands and for privilege escalation.
Platform: |
Debian 10.x |
Debian 11.x |
Product: |
cyrus-sasl2-doc |
libsasl2-2 |
libsasl2-dev |
libsasl2-modules |
sasl2-bin |