CVE-2009-0688
CVE-2009-0688
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gzhttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlhttp://osvdb.org/54514http://osvdb.org/54515http://secunia.com/advisories/35094http://secunia.com/advisories/35097http://secunia.com/advisories/35102http://secunia.com/advisories/35206http://secunia.com/advisories/35239http://secunia.com/advisories/35321http://secunia.com/advisories/35416