Vulnerabilities > CVE-2019-19906 - Off-by-one Error vulnerability in multiple products

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Vulnerable Configurations

Part	Description	Count
Application	Cyrusimap Cyrusimap Cyrus Sasl 2.1.27	1
Application	Redhat Redhat Jboss Enterprise WEB Server 2.0.0	1
Application	Apache Apache Bookkeeper 4.12.1	1
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 9.0 Debian Debian Linux 10.0	3
OS	Canonical Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 19.10 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 12.04	5
OS	Fedoraproject Fedoraproject Fedora 31 Fedoraproject Fedora 32	2
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 5.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux Server TUS 8.4 Redhat Enterprise Linux EUS 8.4 Redhat Enterprise Linux Server AUS 8.4 Redhat Enterprise Linux Server Update Services FOR SAP Solutions 8.4 Redhat Enterprise Linux FOR Power Little Endian 8.0 Redhat Enterprise Linux FOR IBM Z Systems EUS 8.4 Redhat Enterprise Linux FOR IBM Z Systems 8.0 Redhat Enterprise Linux FOR Power Little Endian EUS 8.4 Redhat Enterprise Linux Server FOR Power Little Endian Update Services FOR SAP Solutions 8.4	13
OS	Apple Apple MAC OS X 10.14.6 Apple MAC OS X - Apple MAC OS X 10.0 Apple MAC OS X 10.0.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.0 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.0 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.0 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X 10.3.6 Apple MAC OS X 10.3.7 Apple MAC OS X 10.3.8 Apple MAC OS X 10.3.9 Apple MAC OS X 10.4 Apple MAC OS X 10.4.0 Apple MAC OS X 10.4.1 Apple MAC OS X 10.4.2 Apple MAC OS X 10.4.3 Apple MAC OS X 10.4.4 Apple MAC OS X 10.4.5 Apple MAC OS X 10.4.6 Apple MAC OS X 10.4.7 Apple MAC OS X 10.4.8 Apple MAC OS X 10.4.9 Apple MAC OS X 10.4.10 Apple MAC OS X 10.4.11 Apple MAC OS X 10.5 Apple MAC OS X 10.5.0 Apple MAC OS X 10.5.1 Apple MAC OS X 10.5.2 Apple MAC OS X 10.5.3 Apple MAC OS X 10.5.4 Apple MAC OS X 10.5.5 Apple MAC OS X 10.5.6 Apple MAC OS X 10.5.7 Apple MAC OS X 10.5.8 Apple MAC OS X 10.6.0 Apple MAC OS X 10.6.1 Apple MAC OS X 10.6.2 Apple MAC OS X 10.6.3 Apple MAC OS X 10.6.4 Apple MAC OS X 10.6.5 Apple MAC OS X 10.6.6 Apple MAC OS X 10.6.7 Apple MAC OS X 10.6.8 Apple MAC OS X 10.7.0 Apple MAC OS X 10.7.1 Apple MAC OS X 10.7.2 Apple MAC OS X 10.7.3 Apple MAC OS X 10.7.4 Apple MAC OS X 10.7.5 Apple MAC OS X 10.8.0 Apple MAC OS X 10.8.1 Apple MAC OS X 10.8.2 Apple MAC OS X 10.8.3 Apple MAC OS X 10.8.4 Apple MAC OS X 10.8.5 Apple MAC OS X 10.9 Apple MAC OS X 10.9.1 Apple MAC OS X 10.9.2 Apple MAC OS X 10.9.3 Apple MAC OS X 10.9.4 Apple MAC OS X 10.9.5 Apple MAC OS X 10.10.0 Apple MAC OS X 10.10.1 Apple MAC OS X 10.10.2 Apple MAC OS X 10.10.3 Apple MAC OS X 10.10.4 Apple MAC OS X 10.10.5 Apple MAC OS X 10.11.0 Apple MAC OS X 10.11.1 Apple MAC OS X 10.11.2 Apple MAC OS X 10.11.3 Apple MAC OS X 10.11.4 Apple MAC OS X 10.11.5 Apple MAC OS X 10.11.6 Apple MAC OS X 10.12 Apple MAC OS X 10.12.0 Apple MAC OS X 10.12.1 Apple MAC OS X 10.12.2 Apple MAC OS X 10.12.3 Apple MAC OS X 10.12.4 Apple MAC OS X 10.12.5 Apple MAC OS X 10.12.6 Apple MAC OS X 10.13 Apple MAC OS X 10.13.0 Apple MAC OS X 10.13.1 Apple MAC OS X 10.13.2 Apple MAC OS X 10.13.3 Apple MAC OS X 10.13.4 Apple MAC OS X 10.13.5 Apple MAC OS X 10.13.6 Apple MAC OS X 10.15.1 Apple MAC OS X 10.15.2 Apple MAC OS X 10.15.3 Apple MAC OS X 10.15.4 Apple MAC OS X 10.15.5 Apple Iphone OS 13.6 Apple Ipados 13.6	167
OS	Centos Centos Centos 7.0	1

Common Weakness Enumeration (CWE)

CWE-193 - Off-by-one Error

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-2044.NASL
description	There has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash was ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. For Debian 8
last seen	2020-06-01
modified	2020-06-02
plugin id	132344
published	2019-12-23
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132344
title	Debian DLA-2044-1 : cyrus-sasl2 security update
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-2044-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(132344); script_version("1.3"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2019-19906"); script_name(english:"Debian DLA-2044-1 : cyrus-sasl2 security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "There has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash was ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. For Debian 8 'Jessie', this problem has been fixed in version 2.1.26.dfsg1-13+deb8u2. We recommend that you upgrade your cyrus-sasl2 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/cyrus-sasl2" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19906"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2-heimdal-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2-mit-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-db"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-gssapi-heimdal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-gssapi-mit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-otp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-sql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sasl2-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"cyrus-sasl2-dbg", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"cyrus-sasl2-doc", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"cyrus-sasl2-heimdal-dbg", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"cyrus-sasl2-mit-dbg", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libsasl2-2", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libsasl2-dev", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libsasl2-modules", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libsasl2-modules-db", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libsasl2-modules-gssapi-heimdal", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libsasl2-modules-gssapi-mit", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libsasl2-modules-ldap", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libsasl2-modules-otp", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libsasl2-modules-sql", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"sasl2-bin", reference:"2.1.26.dfsg1-13+deb8u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-BF829F9A84.NASL
description	Security fix for CVE 2019 19906 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-04-10
modified	2020-04-06
plugin id	135214
published	2020-04-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135214
title	Fedora 31 : cyrus-sasl (2020-bf829f9a84)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2020-bf829f9a84. # include("compat.inc"); if (description) { script_id(135214); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/08"); script_cve_id("CVE-2019-19906"); script_xref(name:"FEDORA", value:"2020-bf829f9a84"); script_name(english:"Fedora 31 : cyrus-sasl (2020-bf829f9a84)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE 2019 19906 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-bf829f9a84" ); script_set_attribute( attribute:"solution", value:"Update the affected cyrus-sasl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-sasl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^31([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC31", reference:"cyrus-sasl-2.1.27-3.fc31")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1377.NASL
description	According to the version of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.(CVE-2019-19906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2020-04-15
plugin id	135506
published	2020-04-15
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135506
title	EulerOS 2.0 SP3 : cyrus-sasl (EulerOS-SA-2020-1377)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(135506); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2019-19906" ); script_name(english:"EulerOS 2.0 SP3 : cyrus-sasl (EulerOS-SA-2020-1377)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.(CVE-2019-19906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1377 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f02ceaae"); script_set_attribute(attribute:"solution", value: "Update the affected cyrus-sasl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-gssapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-md5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-plain"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-scram"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["cyrus-sasl-2.1.26-20.h1", "cyrus-sasl-devel-2.1.26-20.h1", "cyrus-sasl-gssapi-2.1.26-20.h1", "cyrus-sasl-lib-2.1.26-20.h1", "cyrus-sasl-md5-2.1.26-20.h1", "cyrus-sasl-plain-2.1.26-20.h1", "cyrus-sasl-scram-2.1.26-20.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1336.NASL
description	According to the version of the cyrus-sasl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.(CVE-2019-19906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-04-07
modified	2020-04-02
plugin id	135123
published	2020-04-02
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135123
title	EulerOS Virtualization for ARM 64 3.0.6.0 : cyrus-sasl (EulerOS-SA-2020-1336)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(135123); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06"); script_cve_id( "CVE-2019-19906" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : cyrus-sasl (EulerOS-SA-2020-1336)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the cyrus-sasl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.(CVE-2019-19906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1336 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e9d1b33b"); script_set_attribute(attribute:"solution", value: "Update the affected cyrus-sasl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-gssapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-md5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-plain"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["cyrus-sasl-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-gssapi-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-lib-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-md5-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-plain-2.1.27-0.3rc7.h2.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-1_0-0283_CYRUS.NASL
description	An update of the cyrus package has been released.
last seen	2020-03-17
modified	2020-03-11
plugin id	134425
published	2020-03-11
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134425
title	Photon OS 1.0: Cyrus PHSA-2020-1.0-0283
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2020-1.0-0283. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(134425); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13"); script_cve_id("CVE-2019-19906"); script_name(english:"Photon OS 1.0: Cyrus PHSA-2020-1.0-0283"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the cyrus package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-283.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19906"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:cyrus"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 1\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"cyrus-sasl-2.1.26-11.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"cyrus-sasl-debuginfo-2.1.26-11.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4256-1.NASL
description	It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	133352
published	2020-01-30
reporter	Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133352
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : cyrus-sasl2 vulnerability (USN-4256-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4256-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(133352); script_version("1.2"); script_cvs_date("Date: 2020/02/03"); script_cve_id("CVE-2019-19906"); script_xref(name:"USN", value:"4256-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : cyrus-sasl2 vulnerability (USN-4256-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4256-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libsasl2-2 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsasl2-2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04\|14\.04\|16\.04\|18\.04\|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 18.04 / 19.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"libsasl2-2", pkgver:"2.1.26.dfsg1-14ubuntu0.2")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libsasl2-2", pkgver:"2.1.27~101-g0780600+dfsg-3ubuntu2.1")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"libsasl2-2", pkgver:"2.1.27+dfsg-1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsasl2-2"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1145.NASL
description	According to the version of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.(CVE-2019-19906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-03
modified	2020-02-25
plugin id	133979
published	2020-02-25
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133979
title	EulerOS 2.0 SP8 : cyrus-sasl (EulerOS-SA-2020-1145)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(133979); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01"); script_cve_id( "CVE-2019-19906" ); script_name(english:"EulerOS 2.0 SP8 : cyrus-sasl (EulerOS-SA-2020-1145)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.(CVE-2019-19906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1145 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?448fbbc0"); script_set_attribute(attribute:"solution", value: "Update the affected cyrus-sasl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-gs2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-gssapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-md5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-ntlm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-plain"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-scram"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["cyrus-sasl-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-devel-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-gs2-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-gssapi-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-ldap-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-lib-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-md5-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-ntlm-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-plain-2.1.27-0.3rc7.h2.eulerosv2r8", "cyrus-sasl-scram-2.1.27-0.3rc7.h2.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4591.NASL
description	Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for applications using the library.
last seen	2020-06-01
modified	2020-06-02
plugin id	132347
published	2019-12-23
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132347
title	Debian DSA-4591-1 : cyrus-sasl2 - security update
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4591. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(132347); script_version("1.3"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2019-19906"); script_xref(name:"DSA", value:"4591"); script_name(english:"Debian DSA-4591-1 : cyrus-sasl2 - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for applications using the library." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947043" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/cyrus-sasl2" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/cyrus-sasl2" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/buster/cyrus-sasl2" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4591" ); script_set_attribute( attribute:"solution", value: "Upgrade the cyrus-sasl2 packages. For the oldstable distribution (stretch), this problem has been fixed in version 2.1.27~101-g0780600+dfsg-3+deb9u1. For the stable distribution (buster), this problem has been fixed in version 2.1.27+dfsg-1+deb10u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19906"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"10.0", prefix:"cyrus-sasl2-doc", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"libsasl2-2", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"libsasl2-dev", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"libsasl2-modules", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"libsasl2-modules-db", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"libsasl2-modules-gssapi-heimdal", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"libsasl2-modules-gssapi-mit", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"libsasl2-modules-ldap", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"libsasl2-modules-otp", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"libsasl2-modules-sql", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"sasl2-bin", reference:"2.1.27+dfsg-1+deb10u1")) flag++; if (deb_check(release:"9.0", prefix:"cyrus-sasl2-doc", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libsasl2-2", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libsasl2-dev", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libsasl2-modules", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libsasl2-modules-db", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libsasl2-modules-gssapi-heimdal", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libsasl2-modules-gssapi-mit", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libsasl2-modules-ldap", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libsasl2-modules-otp", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libsasl2-modules-sql", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"sasl2-bin", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-3_0-0077_CYRUS.NASL
description	An update of the cyrus package has been released.
last seen	2020-04-14
modified	2020-04-10
plugin id	135300
published	2020-04-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135300
title	Photon OS 3.0: Cyrus PHSA-2020-3.0-0077
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2020-3.0-0077. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(135300); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/13"); script_cve_id("CVE-2019-19906"); script_name(english:"Photon OS 3.0: Cyrus PHSA-2020-3.0-0077"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the cyrus package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-77.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19906"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:cyrus"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 3\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"cyrus-sasl-2.1.26-15.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"cyrus-sasl-debuginfo-2.1.26-15.ph3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus"); }

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References