| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
- - -------------------------------------------------------------------- |
| 5 |
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-10 |
| 6 |
- - -------------------------------------------------------------------- |
| 7 |
|
| 8 |
PACKAGE : cyrus-sasl |
| 9 |
SUMMARY : buffer overflows |
| 10 |
DATE : 2002-12-27 22:12 UTC |
| 11 |
EXPLOIT : remote |
| 12 |
|
| 13 |
- - -------------------------------------------------------------------- |
| 14 |
|
| 15 |
- From advisory: |
| 16 |
|
| 17 |
"Insufficient buffer length checking in user name canonicalization |
| 18 |
may allow attacker to execute arbitrary code on servers using Cyrus |
| 19 |
SASL library. Client side library also has the bug but since the user |
| 20 |
name is asked from the local user, there's probably not many |
| 21 |
applications that care about it, except maybe webmails and the like. |
| 22 |
This overflow only happens if default realm is set." |
| 23 |
|
| 24 |
"LDAP authentication with saslauthd doesn't allocate enough memory |
| 25 |
when it needs to escape characters '*', '(', ')', '\' and '\0' in |
| 26 |
username and realm. This should be easily exploited with glibc's |
| 27 |
malloc implementation." |
| 28 |
|
| 29 |
"Log writer might not have allocated memory for the trailing \0 in |
| 30 |
message. Probably hard to exploit, although you can affect the |
| 31 |
logging data with at least anonymous authentication." |
| 32 |
|
| 33 |
Read the full advisory at |
| 34 |
http://marc.theaimsgroup.com/?l=bugtraq&m=103946297703402&w=2 |
| 35 |
|
| 36 |
SOLUTION |
| 37 |
|
| 38 |
It is recommended that all Gentoo Linux users who are running |
| 39 |
dev-libs/cyrus-sasl-2.1.9 update their systems as follows: |
| 40 |
|
| 41 |
emerge rsync |
| 42 |
emerge cyrus-sasl |
| 43 |
emerge clean |
| 44 |
|
| 45 |
- - -------------------------------------------------------------------- |
| 46 |
aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz |
| 47 |
raker@g.o |
| 48 |
- - -------------------------------------------------------------------- |
| 49 |
-----BEGIN PGP SIGNATURE----- |
| 50 |
Version: GnuPG v1.2.1 (GNU/Linux) |
| 51 |
|
| 52 |
iD8DBQE+DNWlfT7nyhUpoZMRAst/AJ456a3Tiyv4tEBhwQ+7zS36xw0SXwCfaRk1 |
| 53 |
wX8/LuAzB8J0ub8jsIiLN94= |
| 54 |
=0u+r |
| 55 |
-----END PGP SIGNATURE----- |
Archives