CVE-2002-1347

CRITICAL

Cyrus SASL library <2.1.9 - Buffer Overflow

Description

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

Scores

CVSS v3 9.8
EPSS 0.0998
EPSS Percentile 93.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-131
Status published
Products (3)
apple/mac_os_x < 10.3.8
apple/mac_os_x_server < 10.3.8
cyrusimap/cyrus_sasl < 2.1.9
Published Dec 18, 2002
Tracked Since Feb 18, 2026