TROYANOSYVIRUS
Retour aux CVEs

CVE-2002-1347

CRITICAL
9.8

Description

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie12/18/2002
Derniere modification4/3/2025
Sourcenvd
Observations honeypot0

Produits affectes

apple:mac_os_xapple:mac_os_x_servercyrusimap:cyrus_sasl

Faiblesses (CWE)

CWE-131

References

http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html(cve@mitre.org)
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557(cve@mitre.org)
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html(cve@mitre.org)
http://marc.info/?l=bugtraq&m=103946297703402&w=2(cve@mitre.org)
http://www.debian.org/security/2002/dsa-215(cve@mitre.org)
http://www.redhat.com/support/errata/RHSA-2002-283.html(cve@mitre.org)
http://www.securityfocus.com/advisories/4826(cve@mitre.org)
http://www.securityfocus.com/bid/6347(cve@mitre.org)
http://www.securityfocus.com/bid/6348(cve@mitre.org)
http://www.securityfocus.com/bid/6349(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812(cve@mitre.org)
http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html(af854a3a-2127-422b-91ae-364da2661108)
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=103946297703402&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2002/dsa-215(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2002-283.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/advisories/4826(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/6347(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/6348(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/6349(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.