Vulnerabilities > CVE-2002-2043 - Authentication Patch SQL Command Execution vulnerability in Cyrus SASL LDAP+MySQL

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
cyrus

Summary

SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.

Vulnerable Configurations

Part Description Count
Application
Cyrus
2

Statements

contributorMark J Cox
lastmodified2006-08-30
organizationRed Hat
statementNot vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4.