CVE-2001-0869
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Application | | 1 |
OS | | 1 |
OS | | 2 |
OS | | 4 |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2002-018.NASL |
description | Kari Hurtta discovered that a format bug exists in the Cyrus SASL library, which is used to provide an authentication API for mail clients and servers, as well as other services such as LDAP. The format bug was found in one of the logging functions which could be used by an attacker to obtain access to a machine or to possibly acquire elevated privileges. Thanks to the SuSE security team for providing the fix. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13926 |
published | 2004-07-31 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13926 |
title | Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2002:018) |
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000444
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:018
- http://lwn.net/alerts/SuSE/SuSE-SA%3A2001%3A042.php3
- http://www.caldera.com/support/security/advisories/CSSA-2001-040.0.txt
- http://www.redhat.com/support/errata/RHSA-2001-150.html
- http://www.redhat.com/support/errata/RHSA-2001-151.html
- http://www.securityfocus.com/bid/3498
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7443