Test ID: 1.3.6.1.4.1.25623.1.0.64109
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1807-1 (cyrus-sasl2, cyrus-sasl2-heimdal)
Summary: NOSUMMARY
Description:

The remote host is missing an update to cyrus-sasl2, cyrus-sasl2-heimdal announced via advisory DSA 1807-1.

James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated, which can lead to denial of service or arbitrary code execution.

Important notice (Quoting from US-CERT):

While this patch will fix currently vulnerable code, it can cause non-vulnerable existing code to break. Here's a function prototype from include/saslutil.h to clarify my explanation:

    /* base64 encode
     *  in      -- input data
     *  inlen   -- input data length
     *  out     -- output buffer (will be NUL terminated)
     *  outmax  -- max size of output buffer
     * result:
     *  outlen  -- gets actual length of output buffer (optional)
     *
     * Returns SASL_OK on success, SASL_BUFOVER if result won't fit
     */
    LIBSASL_API int sasl_encode64(const char *in, unsigned inlen,
                                  char *out, unsigned outmax,
                                  unsigned *outlen);

Assume a scenario where calling code has been written in such a way that it calculates the exact size required for base64 encoding in advance, then allocates a buffer of that exact size, passing a pointer to the buffer into sasl_encode64() as *out. As long as this code does not anticipate that the buffer is NUL-terminated (does not call any string-handling functions like strlen(), for example) the code will work and it will not be vulnerable. Once this patch is applied, that same code will break because sasl_encode64() will begin to return SASL_BUFOVER.

For the oldstable distribution (etch), this problem will be fixed soon.

For the stable distribution (lenny), this problem has been fixed in version 2.1.22.dfsg1-23+lenny1 of cyrus-sasl2 and cyrus-sasl2-heimdal.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2.1.23.dfsg1-1 of cyrus-sasl2 and cyrus-sasl2-heimdal.

We recommend that you upgrade your cyrus-sasl2/cyrus-sasl2-heimdal packages.

Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%201807-1

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-reference:

Common Vulnerability Exposure (CVE) ID: CVE-2009-0688
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 34961
http://www.securityfocus.com/bid/34961
Cert/CC Advisory: TA10-103B
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
CERT/CC vulnerability note: VU#238019
http://www.kb.cert.org/vuls/id/238019
Debian Security Information: DSA-1807
http://www.debian.org/security/2009/dsa-1807
http://security.gentoo.org/glsa/glsa-200907-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:113
http://osvdb.org/54514
http://osvdb.org/54515
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136
http://www.redhat.com/support/errata/RHSA-2009-1116.html
http://www.securitytracker.com/id?1022231
http://secunia.com/advisories/35094
http://secunia.com/advisories/35097
http://secunia.com/advisories/35102
http://secunia.com/advisories/35206
http://secunia.com/advisories/35239
http://secunia.com/advisories/35321
http://secunia.com/advisories/35416
http://secunia.com/advisories/35497
http://secunia.com/advisories/35746
http://secunia.com/advisories/39428
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1
SuSE Security Announcement: SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://www.ubuntu.com/usn/usn-790-1
http://www.vupen.com/english/advisories/2009/1313
http://www.vupen.com/english/advisories/2009/2012
XForce ISS Database: solaris-sasl-saslencode64-bo(50554)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50554
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
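The buffer-sizing consequence described in the US-CERT notice above, as an added example that is not part of the advisory or of cyrus-sasl2. `model_encode64` is a hypothetical stand-in that follows the documented post-patch contract (output always NUL terminated), and `encode_with_slack` and the `MODEL_*` codes are likewise assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Stand-in return codes; the real SASL_OK / SASL_BUFOVER live in the SASL headers. */
enum { MODEL_OK = 0, MODEL_BUFOVER = -1 };
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Model of the patched contract: the output is always NUL terminated, so
 * outmax must cover the encoded text plus one byte for the terminator. */
int model_encode64(const char *in, unsigned inlen,
                   char *out, unsigned outmax, unsigned *outlen)
{
    unsigned need = (inlen + 2) / 3 * 4, i, o = 0;
    if (outmax < need + 1) return MODEL_BUFOVER;   /* no room for the NUL */
    for (i = 0; i < inlen; i += 3) {
        unsigned b0 = (unsigned char)in[i];
        unsigned b1 = i + 1 < inlen ? (unsigned char)in[i + 1] : 0;
        unsigned b2 = i + 2 < inlen ? (unsigned char)in[i + 2] : 0;
        out[o++] = B64[b0 >> 2];
        out[o++] = B64[((b0 & 0x03) << 4) | (b1 >> 4)];
        out[o++] = i + 1 < inlen ? B64[((b1 & 0x0f) << 2) | (b2 >> 6)] : '=';
        out[o++] = i + 2 < inlen ? B64[b2 & 0x3f] : '=';
    }
    out[o] = '\0';
    if (outlen) *outlen = o;
    return MODEL_OK;
}

/* Caller: allocates the encoded size plus `slack` bytes. slack 0 is the exact-size
 * caller the advisory describes; slack 1 leaves room for the terminator. */
int encode_with_slack(const char *in, unsigned inlen, unsigned slack, char **result)
{
    unsigned cap = (inlen + 2) / 3 * 4 + slack;
    char *buf = malloc(cap ? cap : 1);
    int rc = buf ? model_encode64(in, inlen, buf, cap, NULL) : MODEL_BUFOVER;
    if (rc != MODEL_OK) { free(buf); buf = NULL; }
    *result = buf;
    return rc;
}

int main(void)
{
    char *s = NULL;
    printf("exact size: rc=%d\n", encode_with_slack("sasl", 4, 0, &s));
    printf("size + 1:   rc=%d\n", encode_with_slack("sasl", 4, 1, &s));
    if (s) printf("text=%s len=%zu\n", s, strlen(s));
    free(s);
    return 0;
}
```

When auditing callers after the update, look for allocations sized exactly `4 * ceil(inlen / 3)` that are passed as `outmax`, and for return values of the encoder that are not checked.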