Vulnerabilities > CVE-2005-0373 - Remote And Local vulnerability in Cyrus SASL

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nessus

NVD

Published: 2004-10-07

Updated: 2017-07-11

Summary

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Cyrus Cyrus Sasl 1.5.24 Cyrus Sasl 1.5.27 Cyrus Sasl 1.5.28 Cyrus Sasl 2.1.9 Cyrus Sasl 2.1.10 Cyrus Sasl 2.1.11 Cyrus Sasl 2.1.12 Cyrus Sasl 2.1.13 Cyrus Sasl 2.1.14 Cyrus Sasl 2.1.15 Cyrus Sasl 2.1.16 Cyrus Sasl 2.1.17 Cyrus Sasl 2.1.18 Cyrus Sasl 2.1.18_R1	14
Application	Openpkg Openpkg Openpkg 2.1 Openpkg Openpkg 2.2	2
Application	Suse Suse Suse Cvsup 16.1H_36.I586	1
OS	Conectiva Conectiva Linux 9.0 Conectiva Linux 10.0	2
OS	Apple Apple MAC OS X 10.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X 10.3.6 Apple MAC OS X 10.3.7 Apple MAC OS X 10.3.8 Apple MAC OS X Server 10.0 Apple MAC OS X Server 10.1 Apple MAC OS X Server 10.1.1 Apple MAC OS X Server 10.1.2 Apple MAC OS X Server 10.1.3 Apple MAC OS X Server 10.1.4 Apple MAC OS X Server 10.1.5 Apple MAC OS X Server 10.2 Apple MAC OS X Server 10.2.1 Apple MAC OS X Server 10.2.2 Apple MAC OS X Server 10.2.3 Apple MAC OS X Server 10.2.4 Apple MAC OS X Server 10.2.5 Apple MAC OS X Server 10.2.6 Apple MAC OS X Server 10.2.7 Apple MAC OS X Server 10.2.8 Apple MAC OS X Server 10.3 Apple MAC OS X Server 10.3.1 Apple MAC OS X Server 10.3.2 Apple MAC OS X Server 10.3.3 Apple MAC OS X Server 10.3.4 Apple MAC OS X Server 10.3.5 Apple MAC OS X Server 10.3.6 Apple MAC OS X Server 10.3.7 Apple MAC OS X Server 10.3.8	54
OS	Redhat Redhat Fedora Core Core_1.0	1
OS	Suse Suse Suse Linux 1.0 Suse Suse Linux 8.0 Suse Suse Linux 8.1 Suse Suse Linux 8.2 Suse Suse Linux 9.0 Suse Suse Linux 9.1 Suse Suse Linux 9.2	12

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2005_013.NASL
description	The remote host is missing the patch for the advisory SUSE-SA:2005:013 (cyrus-sasl,cyrus-sasl2). cyrus-sasl is a library providing authentication services. A buffer overflow in the digestmda5 code was identified that could lead to a remote attacker executing code in the context of the service using sasl authentication. This is tracked by the Mitre CVE ID CVE-2005-0373.
last seen	2020-06-01
modified	2020-06-02
plugin id	17271
published	2005-03-04
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17271
title	SUSE-SA:2005:013: cyrus-sasl,cyrus-sasl2
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:013 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(17271); script_version ("1.10"); script_cve_id("CVE-2005-0373"); name["english"] = "SUSE-SA:2005:013: cyrus-sasl,cyrus-sasl2"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2005:013 (cyrus-sasl,cyrus-sasl2). cyrus-sasl is a library providing authentication services. A buffer overflow in the digestmda5 code was identified that could lead to a remote attacker executing code in the context of the service using sasl authentication. This is tracked by the Mitre CVE ID CVE-2005-0373." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2005_13_cyrus_sasl.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/03/04"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_end_attributes(); summary["english"] = "Check for the version of the cyrus-sasl,cyrus-sasl2 package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"cyrus-sasl2-2.1.12-66", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cyrus-sasl-2.1.15-109", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cyrus-sasl-2.1.18-33.8", release:"SUSE9.1") ) { security_hole(0); exit(0); } if (rpm_exists(rpm:"cyrus-sasl-", release:"SUSE8.2") \|\| rpm_exists(rpm:"cyrus-sasl-", release:"SUSE9.0") \|\| rpm_exists(rpm:"cyrus-sasl-", release:"SUSE9.1") ) { set_kb_item(name:"CVE-2005-0373", value:TRUE); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200410-05.NASL
description	The remote host is affected by the vulnerability described in GLSA-200410-05 (Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities) Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file. Additionally, under certain conditions it is possible for a local user to exploit a vulnerability in the way the SASL_PATH environment variable is honored (CAN-2004-0884). Impact : An attacker might be able to execute arbitrary code with the Effective ID of the application calling the Cyrus-SASL libraries. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	15431
published	2004-10-07
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15431
title	GLSA-200410-05 : Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200410-05. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(15431); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0884", "CVE-2005-0373"); script_xref(name:"GLSA", value:"200410-05"); script_name(english:"GLSA-200410-05 : Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200410-05 (Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities) Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file. Additionally, under certain conditions it is possible for a local user to exploit a vulnerability in the way the SASL_PATH environment variable is honored (CAN-2004-0884). Impact : An attacker might be able to execute arbitrary code with the Effective ID of the application calling the Cyrus-SASL libraries. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200410-05" ); script_set_attribute( attribute:"solution", value: "All Cyrus-SASL users should upgrade to the latest stable version: # emerge sync # emerge -pv '>=dev-libs/cyrus-sasl-2.1.18-r2' # emerge '>=dev-libs/cyrus-sasl-2.1.18-r2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cyrus-sasl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/10/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/07"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-libs/cyrus-sasl", unaffected:make_list("ge 2.1.18-r2"), vulnerable:make_list("le 2.1.18-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Cyrus-SASL"); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2004-106.NASL
description	A vulnerability was discovered in the libsasl library of cyrus-sasl. libsasl honors the SASL_PATH environment variable blindly, which could allow a local user to create a malicious
last seen	2020-06-01
modified	2020-06-02
plugin id	15435
published	2004-10-08
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15435
title	Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2004:106)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:106. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(15435); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-0884", "CVE-2005-0373"); script_xref(name:"MDKSA", value:"2004:106"); script_name(english:"Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2004:106)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability was discovered in the libsasl library of cyrus-sasl. libsasl honors the SASL_PATH environment variable blindly, which could allow a local user to create a malicious 'library' that would get executed with the effective ID of SASL when anything calls libsasl. The provided packages are patched to protect against this vulnerability." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cyrus-sasl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-anonymous"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-crammd5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-digestmd5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-gssapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-login"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-ntlm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-otp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-plain"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-sasldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-srp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-anonymous"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-crammd5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-digestmd5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-gssapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-login"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-ntlm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-otp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-plain"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-sasldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-srp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/10/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"cyrus-sasl-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-devel-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-anonymous-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-crammd5-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-digestmd5-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-gssapi-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-login-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-ntlm-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-otp-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-plain-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-sasldb-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-srp-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-devel-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-anonymous-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-crammd5-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-digestmd5-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-gssapi-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-login-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-ntlm-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-otp-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-plain-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-sasldb-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-srp-2.1.15-10.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"cyrus-sasl-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-devel-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-plug-anonymous-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-plug-crammd5-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-plug-digestmd5-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-plug-gssapi-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-plug-login-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-plug-ntlm-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-plug-otp-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-plug-plain-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-plug-sasldb-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64sasl2-plug-srp-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-devel-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-plug-anonymous-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-plug-crammd5-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-plug-digestmd5-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-plug-gssapi-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-plug-login-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-plug-ntlm-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-plug-otp-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-plug-plain-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-plug-sasldb-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libsasl2-plug-srp-2.1.15-4.1.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-054.NASL
description	A buffer overflow was discovered in cyrus-sasl
last seen	2020-06-01
modified	2020-06-02
plugin id	17332
published	2005-03-16
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17332
title	Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2005:054)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:054. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(17332); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2005-0373"); script_xref(name:"MDKSA", value:"2005:054"); script_name(english:"Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2005:054)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A buffer overflow was discovered in cyrus-sasl's digestmd5 code. This could lead to a remote attacker executing code in the context of the service using SASL authentication. This vulnerability was fixed upstream in version 2.1.19. The updated packages are patched to deal with this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cyrus-sasl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-anonymous"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-crammd5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-digestmd5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-gssapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-login"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-ntlm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-otp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-plain"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-sasldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sasl2-plug-srp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-anonymous"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-crammd5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-digestmd5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-gssapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-login"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-ntlm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-otp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-plain"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-sasldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsasl2-plug-srp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"patch_publication_date", value:"2005/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"cyrus-sasl-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-devel-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-anonymous-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-crammd5-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-digestmd5-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-gssapi-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-login-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-ntlm-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-otp-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-plain-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-sasldb-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64sasl2-plug-srp-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-devel-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-anonymous-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-crammd5-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-digestmd5-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-gssapi-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-login-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-ntlm-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-otp-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-plain-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-sasldb-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsasl2-plug-srp-2.1.15-10.2.100mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-563.NASL
description	This advisory is an addition to DSA 563-1 and 563-2 which weren
last seen	2020-06-01
modified	2020-06-02
plugin id	15661
published	2004-11-10
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15661
title	Debian DSA-563-3 : cyrus-sasl - unsanitised input
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-563. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15661); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2004-0884", "CVE-2005-0373"); script_xref(name:"DSA", value:"563"); script_name(english:"Debian DSA-563-3 : cyrus-sasl - unsanitised input"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "This advisory is an addition to DSA 563-1 and 563-2 which weren't able to supersede the library on sparc and arm due to a different version number for them in the stable archive. Other architectures were updated properly. Another problem was reported in connection with sendmail, though, which should be fixed with this update as well." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=275498" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2004/dsa-563" ); script_set_attribute( attribute:"solution", value: "Upgrade the libsasl packages. For the stable distribution (woody) this problem has been fixed in version 1.5.27-3.1woody5. For reference the advisory text follows : A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/10"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"libsasl-dev", reference:"1.5.27-3.1woody5")) flag++; if (deb_check(release:"3.0", prefix:"libsasl-digestmd5-plain", reference:"1.5.27-3.1woody5")) flag++; if (deb_check(release:"3.0", prefix:"libsasl-modules-plain", reference:"1.5.27-3.1woody5")) flag++; if (deb_check(release:"3.0", prefix:"libsasl7", reference:"1.5.27-3.1woody5")) flag++; if (deb_check(release:"3.0", prefix:"sasl-bin", reference:"1.5.27-3.1woody5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-568.NASL
description	A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application. The MIT version of the Cyrus implementation of the SASL library provides bindings against MIT GSSAPI and MIT Kerberos4.
last seen	2020-06-01
modified	2020-06-02
plugin id	15666
published	2004-11-10
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15666
title	Debian DSA-568-1 : cyrus-sasl-mit - unsanitised input
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-568. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15666); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2004-0884", "CVE-2005-0373"); script_xref(name:"DSA", value:"568"); script_name(english:"Debian DSA-568-1 : cyrus-sasl-mit - unsanitised input"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application. The MIT version of the Cyrus implementation of the SASL library provides bindings against MIT GSSAPI and MIT Kerberos4." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=275498" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2004/dsa-568" ); script_set_attribute( attribute:"solution", value: "Upgrade the libsasl packages. For the stable distribution (woody) this problem has been fixed in version 1.5.24-15woody3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl-mit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/10/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/10"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"libsasl-gssapi-mit", reference:"1.5.24-15woody3")) flag++; if (deb_check(release:"3.0", prefix:"libsasl-krb4-mit", reference:"1.5.24-15woody3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Statements

contributor	Mark J Cox
lastmodified	2006-08-30
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of Cyrus SASL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.