{"vuid":"VU#238019","idnumber":"238019","name":"Cyrus SASL library buffer overflow vulnerability","keywords":["SASL","cyrus","imap","sasl_encode64()"],"overview":"The Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash.","clean_desc":"SASL (Simple Authentication and Security Layer) is a method for adding authentication support to various protocols. SASL is commonly used by mail servers to request authentication from clients and by clients to authenticate to servers. The sasl_encode64() function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the sasl_encode64() function.","impact":"A remote attacker might be able to execute code, or cause any programs relying on SASL to crash or be unavailable.","resolution":"Upgrade\nCyrus SASL 2.1.23 has been released to address this issue. Before releasing fixed binaries, maintainers are encouraged to review the Cyrus vendor statement associated with this note.","workarounds":"","sysaffected":"","thanks":"Thanks to James Ralston for reporting this issue and providing technical information.","author":"This document was written by Ryan Giobbi.","public":["ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz","http://xorl.wordpress.com/2009/05/18/cve-2009-0688-cmu-cyrus-sasl-off-by-one-overflow/","http://en.wikipedia.org/w/index.php?title=Base64&oldid=285664115"],"cveids":["CVE-2009-0688"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2009-04-08T20:14:35Z","publicdate":"2009-04-08T00:00:00Z","datefirstpublished":"2009-05-14T16:08:51Z","dateupdated":"2009-08-26T13:19:04Z","revision":24,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"7","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"10","cam_impact":"7","cam_easeofexploitation":"7","cam_attackeraccessrequired":"20","cam_scorecurrent":"4.0425","cam_scorecurrentwidelyknown":"6.43125","cam_scorecurrentwidelyknownexploited":"10.10625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.0425,"vulnote":null}