National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-0688)

National Cyber-Alert System

Vulnerability Summary for CVE-2009-0688

Original release date:05/15/2009

Last revised:10/23/2012

Source: US-CERT/NIST

Overview

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (06/19/2009)

The upstream fix for this issue is not backwards compatible and introduces an ABI change not allowed in Red Hat Enterprise Linux. Therefore, there is no plan to address this problem directly in cyrus-sasl packages. All applications shipped in Red Hat Enterprise Linux and using affected sasl_encode64() function were investigated and patched if their use of the function could have security consequences. See following bug report for further details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0688#c20

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#238019

Name: VU#238019

Type: Patch Information

Hyperlink:http://www.kb.cert.org/vuls/id/238019

US-CERT Technical Alert: TA10-103B

Name: TA10-103B

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA10-103B.html

External Source: BID

Name: 34961

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/34961

External Source: CONFIRM

Name: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz

Type: Patch Information

Hyperlink:ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz

External Source: XF

Name: solaris-sasl-saslencode64-bo(50554)

Hyperlink:http://xforce.iss.net/xforce/xfdb/50554

External Source: VUPEN

Name: ADV-2009-2012

Hyperlink:http://www.vupen.com/english/advisories/2009/2012

External Source: VUPEN

Name: ADV-2009-1313

Hyperlink:http://www.vupen.com/english/advisories/2009/1313

External Source: UBUNTU

Name: USN-790-1

Hyperlink:http://www.ubuntu.com/usn/usn-790-1

External Source: SECTRACK

Name: 1022231

Hyperlink:http://www.securitytracker.com/id?1022231

External Source: REDHAT

Name: RHSA-2009:1116

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-1116.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html

External Source: MANDRIVA

Name: MDVSA-2009:113

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:113

External Source: DEBIAN

Name: DSA-1807

Hyperlink:http://www.debian.org/security/2009/dsa-1807

External Source: CONFIRM

Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091

Hyperlink:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm

External Source: CONFIRM

Name: http://support.apple.com/kb/HT4077

Hyperlink:http://support.apple.com/kb/HT4077

External Source: SUNALERT

Name: 1021699

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1

External Source: SUNALERT

Name: 1020755

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1

External Source: SUNALERT

Name: 273910

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1

External Source: SUNALERT

Name: 264248

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1

External Source: SUNALERT

Name: 259148

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1

External Source: SLACKWARE

Name: SSA:2009-134-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834

External Source: GENTOO

Name: GLSA-200907-09

Hyperlink:http://security.gentoo.org/glsa/glsa-200907-09.xml

External Source: SECUNIA

Name: 39428

Hyperlink:http://secunia.com/advisories/39428

External Source: SECUNIA

Name: 35746

Hyperlink:http://secunia.com/advisories/35746

External Source: SECUNIA

Name: 35497

Hyperlink:http://secunia.com/advisories/35497

External Source: SECUNIA

Name: 35416

Hyperlink:http://secunia.com/advisories/35416

External Source: SECUNIA

Name: 35321

Hyperlink:http://secunia.com/advisories/35321

External Source: SECUNIA

Name: 35239

Hyperlink:http://secunia.com/advisories/35239

External Source: SECUNIA

Name: 35206

Hyperlink:http://secunia.com/advisories/35206

External Source: SECUNIA

Name: 35102

Hyperlink:http://secunia.com/advisories/35102

External Source: SECUNIA

Name: 35097

Hyperlink:http://secunia.com/advisories/35097

External Source: SECUNIA

Name: 35094

Hyperlink:http://secunia.com/advisories/35094

External Source: OVAL

Name: oval:org.mitre.oval:def:6136

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6136

External Source: OVAL

Name: oval:org.mitre.oval:def:10687

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10687

External Source: OSVDB

Name: 54515

Hyperlink:http://osvdb.org/54515

External Source: OSVDB

Name: 54514

Hyperlink:http://osvdb.org/54514

External Source: SUSE

Name: SUSE-SR:2009:011

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

External Source: APPLE

Name: APPLE-SA-2010-03-29-1

Hyperlink:http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

References to Check Content

Identifier:oval:org.mitre.oval:def:6136

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:6136

Identifier:oval:org.mitre.oval:def:10687

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10687

Vulnerable software and versions

Configuration 1

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.21

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.20

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.19

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.22 and previous versions

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.24

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.28

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.4.1

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.0

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.10

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.11

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.13

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.15

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.16

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.2

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.20

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.21

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.22

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.23

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.26

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.27

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.3

* cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.5

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.0

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.1

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.2

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.3

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.4

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.5

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.0

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.1

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.10

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.11

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.12

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.13

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.14

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.15

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.16

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.17

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.18

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.2

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.3

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.5

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.6

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.7

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.8

* cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.9

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Buffer Errors (CWE-119)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688