USN-790-1 -- cyrus-sasl2 vulnerability
|ID: oval:org.secpod.oval:def:700401||Date: (C)2011-05-13 (M)2017-11-27|
|Class: PATCH||Family: unix|
James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely. If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service.