CVE-2013-4122 - Numeric Errors vulnerability in CMU Cyrus-Sasl
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 10 |
Application | Gnu | 24 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-2755-1.NASL
- description: It was discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could use this issue to cause Cyrus SASL to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 86219
- published: 2015-10-01
- reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/86219
- title: Ubuntu 15.04 : cyrus-sasl2 vulnerability (USN-2755-1)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2755-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(86219);
  script_version("2.6");
  script_cvs_date("Date: 2019/09/18 12:31:44");

  script_cve_id("CVE-2013-4122");
  script_xref(name:"USN", value:"2755-1");

  script_name(english:"Ubuntu 15.04 : cyrus-sasl2 vulnerability (USN-2755-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." );
  script_set_attribute( attribute:"description", value: "It was discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could use this issue to cause Cyrus SASL to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." );
  script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2755-1/" );
  script_set_attribute( attribute:"solution", value:"Update the affected libsasl2-2 package." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsasl2-2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 15.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"15.04", pkgname:"libsasl2-2", pkgver:"2.1.26.dfsg1-13ubuntu0.1")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsasl2-2");
}
```
- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-1988-1.NASL
- description: It was discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could use this issue to cause Cyrus SASL to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70367
- published: 2013-10-10
- reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/70367
- title: Ubuntu 13.04 : cyrus-sasl2 vulnerability (USN-1988-1)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1988-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(70367);
  script_version("1.7");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2013-4122");
  script_bugtraq_id(61164);
  script_xref(name:"USN", value:"1988-1");

  script_name(english:"Ubuntu 13.04 : cyrus-sasl2 vulnerability (USN-1988-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." );
  script_set_attribute( attribute:"description", value: "It was discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could use this issue to cause Cyrus SASL to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." );
  script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1988-1/" );
  script_set_attribute( attribute:"solution", value:"Update the affected libsasl2-2 package." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsasl2-2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(13\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 13.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"13.04", pkgname:"libsasl2-2", pkgver:"2.1.25.dfsg1-6ubuntu0.1")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsasl2-2");
}
```
- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2014-338.NASL
- description: Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 78281
- published: 2014-10-12
- reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/78281
- title: Amazon Linux AMI : cyrus-sasl (ALAS-2014-338)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2014-338.
#

include("compat.inc");

if (description)
{
  script_id(78281);
  script_version("1.3");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2013-4122");
  script_xref(name:"ALAS", value:"2014-338");

  script_name(english:"Amazon Linux AMI : cyrus-sasl (ALAS-2014-338)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." );
  script_set_attribute( attribute:"description", value: "Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference." );
  script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-338.html" );
  script_set_attribute( attribute:"solution", value:"Run 'yum update cyrus-sasl' to update your system." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cyrus-sasl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cyrus-sasl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cyrus-sasl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cyrus-sasl-gssapi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cyrus-sasl-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cyrus-sasl-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cyrus-sasl-md5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cyrus-sasl-ntlm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cyrus-sasl-plain");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cyrus-sasl-sql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", reference:"cyrus-sasl-2.1.23-13.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"cyrus-sasl-debuginfo-2.1.23-13.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"cyrus-sasl-devel-2.1.23-13.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"cyrus-sasl-gssapi-2.1.23-13.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"cyrus-sasl-ldap-2.1.23-13.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"cyrus-sasl-lib-2.1.23-13.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"cyrus-sasl-md5-2.1.23-13.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"cyrus-sasl-ntlm-2.1.23-13.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"cyrus-sasl-plain-2.1.23-13.14.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"cyrus-sasl-sql-2.1.23-13.14.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl / cyrus-sasl-debuginfo / cyrus-sasl-devel / etc");
}
```
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201309-01.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201309-01 (Cyrus-SASL: Denial of Service) In the GNU C Library (glibc) from version 2.17 onwards, the crypt() function call can return NULL when the salt violates specifications or the system is in FIPS-140 mode and a DES or MD5 hashed password is passed. When Cyrus-SASL’s authentication mechanisms call crypt(), a NULL may be returned. Impact : A remote attacker could trigger this vulnerability to cause a Denial of Service condition. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 69538
- published: 2013-09-02
- reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/69538
- title: GLSA-201309-01 : Cyrus-SASL: Denial of Service
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201309-01.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(69538);
  script_version("1.11");
  script_cvs_date("Date: 2018/07/11 17:09:26");

  script_cve_id("CVE-2013-4122");
  script_bugtraq_id(61164);
  script_xref(name:"GLSA", value:"201309-01");

  script_name(english:"GLSA-201309-01 : Cyrus-SASL: Denial of Service");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." );
  script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201309-01 (Cyrus-SASL: Denial of Service) In the GNU C Library (glibc) from version 2.17 onwards, the crypt() function call can return NULL when the salt violates specifications or the system is in FIPS-140 mode and a DES or MD5 hashed password is passed. When Cyrus-SASL’s authentication mechanisms call crypt(), a NULL may be returned. Impact : A remote attacker could trigger this vulnerability to cause a Denial of Service condition. Workaround : There is no known workaround at this time." );
  script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201309-01" );
  script_set_attribute( attribute:"solution", value: "All Cyrus-SASL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/cyrus-sasl-2.1.26-r3'" );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cyrus-sasl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"dev-libs/cyrus-sasl", unaffected:make_list("ge 2.1.26-r3"), vulnerable:make_list("lt 2.1.26-r3"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Cyrus-SASL");
}
```
- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2019-1173.NASL
- description: According to the version of the cyrus-sasl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. (CVE-2013-4122) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-19
- modified: 2019-04-09
- plugin id: 123859
- published: 2019-04-09
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/123859
- title: EulerOS Virtualization 2.5.3 : cyrus-sasl (EulerOS-SA-2019-1173)
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(123859);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");

  script_cve_id( "CVE-2013-4122" );
  script_bugtraq_id( 61164 );

  script_name(english:"EulerOS Virtualization 2.5.3 : cyrus-sasl (EulerOS-SA-2019-1173)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value: "According to the version of the cyrus-sasl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.i1/4^CVE-2013-4122i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1173
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3624dd00");
  script_set_attribute(attribute:"solution", value: "Update the affected cyrus-sasl package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-gssapi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-md5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-plain");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.5.3") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.3");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["cyrus-sasl-2.1.26-20", "cyrus-sasl-gssapi-2.1.26-20", "cyrus-sasl-lib-2.1.26-20", "cyrus-sasl-md5-2.1.26-20", "cyrus-sasl-plain-2.1.26-20"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl");
}
```
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-3368.NASL
- description: It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 86157
- published: 2015-09-28
- reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/86157
- title: Debian DSA-3368-1 : cyrus-sasl2 - security update
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3368. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(86157);
  script_version("2.2");
  script_cvs_date("Date: 2018/11/10 11:49:37");

  script_cve_id("CVE-2013-4122");
  script_xref(name:"DSA", value:"3368");

  script_name(english:"Debian DSA-3368-1 : cyrus-sasl2 - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." );
  script_set_attribute( attribute:"description", value: "It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service." );
  script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784112" );
  script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/cyrus-sasl2" );
  script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2015/dsa-3368" );
  script_set_attribute( attribute:"solution", value: "Upgrade the cyrus-sasl2 packages. For the stable distribution (jessie), this problem has been fixed in version 2.1.26.dfsg1-13+deb8u1." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"8.0", prefix:"cyrus-sasl2-dbg", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"cyrus-sasl2-doc", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"cyrus-sasl2-heimdal-dbg", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"cyrus-sasl2-mit-dbg", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsasl2-2", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsasl2-dev", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsasl2-modules", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsasl2-modules-db", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsasl2-modules-gssapi-heimdal", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsasl2-modules-gssapi-mit", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsasl2-modules-ldap", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsasl2-modules-otp", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsasl2-modules-sql", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"sasl2-bin", reference:"2.1.26.dfsg1-13+deb8u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
Seebug
bulletinFamily | exploit |
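description | CVE ID: CVE-2013-4122. F5 ARX Series is an intelligent file storage management solution developed by F5. The Cyrus SASL library used by the ARX management and configuration tools of F5 ARX Series contains a security vulnerability that allows remote attackers to submit specially crafted requests and carry out a denial-of-service attack. Systems that use LDAP or Kerberos for user authentication are affected by this vulnerability. F5 ARX Series 6.x. No detailed solution is currently available: http://support.f5.com/kb/en-us/products/arx.html |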
id | SSV:61356 |
last seen | 2017-11-19 |
modified | 2014-01-20 |
published | 2014-01-20 |
reporter | Root |
title | F5 ARX Series Cyrus SASL NULL pointer dereference vulnerability |
References
- http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
- http://security.gentoo.org/glsa/glsa-201309-01.xml
- http://www.debian.org/security/2015/dsa-3368
- http://www.openwall.com/lists/oss-security/2013/07/12/3
- http://www.openwall.com/lists/oss-security/2013/07/12/6
- http://www.openwall.com/lists/oss-security/2013/07/13/1
- http://www.openwall.com/lists/oss-security/2013/07/15/1
- http://www.ubuntu.com/usn/USN-2755-1
- https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/