-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-10
- - --------------------------------------------------------------------

PACKAGE : cyrus-sasl
SUMMARY : buffer overflows
DATE : 2002-12-27 22:12 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

- From advisory:

"Insufficient buffer length checking in user name canonicalization
may allow attacker to execute arbitrary code on servers using Cyrus
SASL library. Client side library also has the bug but since the user
name is asked from the local user, there's probably not many
applications that care about it, except maybe webmails and the like.
This overflow only happens if default realm is set."

"LDAP authentication with saslauthd doesn't allocate enough memory
when it needs to escape characters '*', '(', ')', '\' and '\0' in
username and realm. This should be easily exploited with glibc's
malloc implementation."

"Log writer might not have allocated memory for the trailing \0 in
message. Probably hard to exploit, although you can affect the
logging data with at least anonymous authentication."

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=103946297703402&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-libs/cyrus-sasl-2.1.9 update their systems as follows:

emerge rsync
emerge cyrus-sasl
emerge clean

- - --------------------------------------------------------------------
aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz
raker@g.o
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+DNWlfT7nyhUpoZMRAst/AJ456a3Tiyv4tEBhwQ+7zS36xw0SXwCfaRk1
wX8/LuAzB8J0ub8jsIiLN94=
=0u+r
-----END PGP SIGNATURE-----
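
Added example, not part of the advisory and not cyrus-sasl code: a correctly sized escape routine for the second quoted issue (escaping '*', '(', ')', '\' and '\0' in the username and realm). It also covers the terminator byte that the third quoted issue concerns. The function names are hypothetical, and the three-byte "\XX" output form is assumed from the LDAP filter syntax (RFC 4515), so the buffer is sized from the escaped length rather than the input length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the advisory lists as needing an escape in an LDAP filter value. */
static int needs_escape(unsigned char c)
{
    return c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0';
}

/* Exact output size including the terminator; 0 if 3*len+1 could overflow. */
size_t ldap_escaped_size(const char *in, size_t len)
{
    size_t need = 1; /* trailing NUL */
    if (len > ((size_t)-1 - 1) / 3) /* 3*len + 1 must fit in size_t */
        return 0;
    for (size_t i = 0; i < len; i++)
        need += needs_escape((unsigned char)in[i]) ? 3 : 1; /* "\XX" is 3 bytes */
    return need;
}

/* Returns a malloc'd, escaped copy of in[0..len), or NULL on failure. */
char *ldap_filter_escape(const char *in, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    size_t need = ldap_escaped_size(in, len);
    char *out = need ? malloc(need) : NULL, *p = out;
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (needs_escape(c)) {
            *p++ = '\\';
            *p++ = hex[c >> 4];
            *p++ = hex[c & 0x0f];
        } else {
            *p++ = (char)c;
        }
    }
    *p = '\0';
    return out;
}

int main(void)
{
    char *e = ldap_filter_escape("a*(b)\\c", 7); /* constructed user name */
    puts(e ? e : "(allocation failed)");
    free(e);
    return 0;
}
```

The input is passed with an explicit length because an embedded '\0' is one of the bytes to escape, so strlen() on untrusted input would truncate it before the escape step.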