TROYANOSYVIRUS
Back to CVEs

CVE-2002-1347

CRITICAL
9.8

Description

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/18/2002
Last Modified4/3/2025
Sourcenvd
Honeypot Sightings0

Affected Products

apple:mac_os_xapple:mac_os_x_servercyrusimap:cyrus_sasl

Weaknesses (CWE)

CWE-131

References

http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html(cve@mitre.org)
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557(cve@mitre.org)
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html(cve@mitre.org)
http://marc.info/?l=bugtraq&m=103946297703402&w=2(cve@mitre.org)
http://www.debian.org/security/2002/dsa-215(cve@mitre.org)
http://www.redhat.com/support/errata/RHSA-2002-283.html(cve@mitre.org)
http://www.securityfocus.com/advisories/4826(cve@mitre.org)
http://www.securityfocus.com/bid/6347(cve@mitre.org)
http://www.securityfocus.com/bid/6348(cve@mitre.org)
http://www.securityfocus.com/bid/6349(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812(cve@mitre.org)
http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html(af854a3a-2127-422b-91ae-364da2661108)
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=103946297703402&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2002/dsa-215(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2002-283.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/advisories/4826(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/6347(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/6348(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/6349(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.