Summary: | <dev-libs/cyrus-sasl-2.1.23 sasl_encode64() Buffer overflow (CVE-2009-0688) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Conrad Kostecki <conikost> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | net-mail+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.kb.cert.org/vuls/id/238019 | ||
Whiteboard: | A1? [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Conrad Kostecki
2009-05-18 09:23:19 UTC
Quoting CERT:

The sasl_encode64() function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the sasl_encode64() function.

II. Impact

A remote attacker might be able to execute code, or cause any programs relying on SASL to crash or be unavailable.

Note that the new release has changed ABI without changing SONAME revisions properly. This might lead to crashes in existing code.

2.1.23 is in CVS. It's p.masked for now - it needs more testing (only thing I could test so far is the berkdb backend).

CVE-2009-0688 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0688): Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

(In reply to comment #3)
> 2.1.23 is in CVS. It's p.masked for now - it needs more testing (only thing I
> could test so far is the berkdb backend).

and now unmasked.

Let's call arches on the 10th.

Arches, please test and mark stable:
=dev-libs/cyrus-sasl-2.1.23
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

* Applying cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz ...
* Failed Patch: cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz !
* ( /var/tmp/portage/dev-libs/cyrus-sasl-2.1.23/temp/23295.patch )
*
* Include in your bugreport the contents of:
*
* /var/tmp/portage/dev-libs/cyrus-sasl-2.1.23/temp/cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz-23295.out
*

(In reply to comment #8)
> * Applying cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz ...

I think the "support" in USE=ntlm_unsupported_patch means "security support". ;)

(In reply to comment #8)
> * Applying cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz ...
>
> * Failed Patch: cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz !
> * ( /var/tmp/portage/dev-libs/cyrus-sasl-2.1.23/temp/23295.patch )
> *
> * Include in your bugreport the contents of:
> *
> * /var/tmp/portage/dev-libs/cyrus-sasl-2.1.23/temp/cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz-23295.out
> *

There's a bug about that, I'll try to fix it soonish (well, it worked for me?!?!? - *shrugs*)

Stable for HPPA.

(In reply to comment #10)
> There's a bug about that, I'll try to fix it soonish (well, it worked for
> me?!?!? - *shrugs*)

Fixed in CVS.

(In reply to comment #12)
> (In reply to comment #10)
> > There's a bug about that, I'll try to fix it soonish (well, it worked for
> > me?!?!? - *shrugs*)
>
> Fixed in CVS.

I cannot find that fix.

(In reply to comment #13)
> I cannot find that fix.

Args. Now it's really fixed.

Stable on alpha.

x86 stable

ppc64 done

ppc done

amd64 done

arm/ia64/s390/sh/sparc stable

GLSA 200907-09
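
The CERT text quoted in the description attributes the overflows to unsafe use of a base64 encoding routine. As an added example (not code from Cyrus SASL or from this bug), the following C sketch shows one defensive pattern for that bug class: compute the required output size, including the terminating NUL, and refuse to write anything if the caller's buffer is smaller. The names `b64_needed`, `b64_encode_checked` and the `B64_*` return codes are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical return codes for this example (not Cyrus SASL's). */
enum { B64_OK = 0, B64_BUFOVER = -1, B64_BADPARAM = -2 };

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Bytes needed for base64 of inlen bytes plus the NUL; 0 if that overflows. */
size_t b64_needed(size_t inlen)
{
    size_t groups = inlen / 3 + (inlen % 3 != 0);
    if (groups > ((size_t)-1 - 1) / 4)
        return 0;
    return groups * 4 + 1;
}

/* Encode in[0..inlen) into out[0..outmax). Nothing is written unless the
 * whole result, including the terminating NUL, fits in the buffer. */
int b64_encode_checked(const unsigned char *in, size_t inlen,
                       char *out, size_t outmax, size_t *outlen)
{
    size_t need = b64_needed(inlen), i, o = 0;

    if (out == NULL || (in == NULL && inlen > 0))
        return B64_BADPARAM;
    if (need == 0 || outmax < need)
        return B64_BUFOVER;

    for (i = 0; i + 2 < inlen; i += 3) {          /* full 3-byte groups */
        out[o++] = B64[in[i] >> 2];
        out[o++] = B64[((in[i] & 0x03) << 4) | (in[i + 1] >> 4)];
        out[o++] = B64[((in[i + 1] & 0x0f) << 2) | (in[i + 2] >> 6)];
        out[o++] = B64[in[i + 2] & 0x3f];
    }
    if (i < inlen) {                              /* 1 or 2 trailing bytes */
        unsigned b1 = (i + 1 < inlen) ? in[i + 1] : 0;
        out[o++] = B64[in[i] >> 2];
        out[o++] = B64[((in[i] & 0x03) << 4) | (b1 >> 4)];
        out[o++] = (i + 1 < inlen) ? B64[(b1 & 0x0f) << 2] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';
    if (outlen != NULL)
        *outlen = o;
    return B64_OK;
}
```

A caller that sizes its buffer as exactly four bytes per three input bytes, with no room for the NUL, gets `B64_BUFOVER` here instead of an unterminated or overrun buffer.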