English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.64109
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 1807-1 (cyrus-sasl2, cyrus-sasl2-heimdal)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to cyrus-sasl2, cyrus-sasl2-heimdal
announced via advisory DSA 1807-1.

James Ralston discovered that the sasl_encode64() function of cyrus-sasl2,
a free library implementing the Simple Authentication and Security Layer,
suffers from a missing null termination in certain situations. This causes
several buffer overflows in situations where cyrus-sasl2 itself requires
the string to be null terminated which can lead to denial of service or
arbitrary code execution.

Important notice (Quoting from US-CERT):
While this patch will fix currently vulnerable code, it can cause
non-vulnerable existing code to break. Here's a function prototype from
include/saslutil.h to clarify my explanation:

/* base64 encode
* in -- input data
* inlen -- input data length
* out -- output buffer (will be NUL terminated)
* outmax -- max size of output buffer
* result:
* outlen -- gets actual length of output buffer (optional)
*
* Returns SASL_OK on success, SASL_BUFOVER if result won't fit
*/
LIBSASL_API int sasl_encode64(const char *in, unsigned inlen,
char *out, unsigned outmax,
unsigned *outlen)


Assume a scenario where calling code has been written in such a way that it
calculates the exact size required for base64 encoding in advance, then
allocates a buffer of that exact size, passing a pointer to the buffer into
sasl_encode64() as *out. As long as this code does not anticipate that the
buffer is NUL-terminated (does not call any string-handling functions like
strlen(), for example) the code will work and it will not be vulnerable.

Once this patch is applied, that same code will break because sasl_encode64()
will begin to return SASL_BUFOVER.


For the oldstable distribution (etch), this problem will be fixed soon.

For the stable distribution (lenny), this problem has been fixed in
version 2.1.22.dfsg1-23+lenny1 of cyrus-sasl2 and cyrus-sasl2-heimdal.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.1.23.dfsg1-1 of cyrus-sasl2 and cyrus-sasl2-heimdal.


We recommend that you upgrade your cyrus-sasl2/cyrus-sasl2-heimdal packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201807-1

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-0688
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 34961
http://www.securityfocus.com/bid/34961
Cert/CC Advisory: TA10-103B
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
CERT/CC vulnerability note: VU#238019
http://www.kb.cert.org/vuls/id/238019
Debian Security Information: DSA-1807 (Google Search)
http://www.debian.org/security/2009/dsa-1807
http://security.gentoo.org/glsa/glsa-200907-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:113
http://osvdb.org/54514
http://osvdb.org/54515
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136
http://www.redhat.com/support/errata/RHSA-2009-1116.html
http://www.securitytracker.com/id?1022231
http://secunia.com/advisories/35094
http://secunia.com/advisories/35097
http://secunia.com/advisories/35102
http://secunia.com/advisories/35206
http://secunia.com/advisories/35239
http://secunia.com/advisories/35321
http://secunia.com/advisories/35416
http://secunia.com/advisories/35497
http://secunia.com/advisories/35746
http://secunia.com/advisories/39428
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1
SuSE Security Announcement: SUSE-SR:2009:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://www.ubuntu.com/usn/usn-790-1
http://www.vupen.com/english/advisories/2009/1313
http://www.vupen.com/english/advisories/2009/2012
XForce ISS Database: solaris-sasl-saslencode64-bo(50554)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50554
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.