[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-1807-1 cyrus-sasl2, cyrus-sasl2-heimdal -- buffer overflow

ID: oval:org.secpod.oval:def:600407Date: (C)2011-05-13   (M)2022-10-10
Class: PATCHFamily: unix




James Ralston discovered that the sasl_encode64 function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated which can lead to denial of service or arbitrary code execution. Important notice : While this patch will fix currently vulnerable code, it can cause non-vulnerable existing code to break. Here"s a function prototype from include/saslutil.h to clarify my explanation: /* base64 encode * in -- input data * inlen -- input data length * out -- output buffer * outmax -- max size of output buffer * result: * outlen -- gets actual length of output buffer * * Returns SASL_OK on success, SASL_BUFOVER if result won"t fit */ LIBSASL_API int sasl_encode64; Assume a scenario where calling code has been written in such a way that it calculates the exact size required for base64 encoding in advance, then allocates a buffer of that exact size, passing a pointer to the buffer into sasl_encode64 as *out. As long as this code does not anticipate that the buffer is NUL-terminated the code will work and it will not be vulnerable. Once this patch is applied, that same code will break because sasl_encode64 will begin to return SASL_BUFOVER. For the oldstable distribution , this problem will be fixed soon. For the stable distribution , this problem has been fixed in version 2.1.22.dfsg1-23+lenny1 of cyrus-sasl2 and cyrus-sasl2-heimdal. For the testing distribution , this problem will be fixed soon. For the unstable distribution , this problem has been fixed in version 2.1.23.dfsg1-1 of cyrus-sasl2 and cyrus-sasl2-heimdal. We recommend that you upgrade your cyrus-sasl2/cyrus-sasl2-heimdal packages.

Platform:
Debian 5.0
Product:
cyrus-sasl2
cyrus-sasl2-heimdal
Reference:
DSA-1807-1
CVE-2009-0688
CVE    1
CVE-2009-0688
CPE    1
cpe:/o:debian:debian_linux:5.x

© SecPod Technologies