CVE-2002-1347
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
Desbordamiento de búfer en la librería Cyrus SASL 2.1.9 y anteriores permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante
entradas largas durante la canonización de nombre de usuario
caractéres que necesitan ser escapados durante autenticación LDAP usando saslauth, o
un error por uno en el escritor del log, que no asigna espacio para el carácter nulo que termina la cadena.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2002-12-10 CVE Reserved
- 2002-12-11 CVE Published
- 2024-04-20 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-131: Incorrect Calculation of Buffer Size
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/6347 | Broken Link | |
| http://www.securityfocus.com/bid/6348 | Broken Link | |
| http://www.securityfocus.com/bid/6349 | Broken Link | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10810 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10811 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10812 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=103946297703402&w=2 | 2024-02-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cyrusimap Search vendor "Cyrusimap" | Cyrus Sasl Search vendor "Cyrusimap" for product "Cyrus Sasl" | <= 2.1.9 Search vendor "Cyrusimap" for product "Cyrus Sasl" and version " <= 2.1.9" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | < 10.3.8 Search vendor "Apple" for product "Mac Os X" and version " < 10.3.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | < 10.3.8 Search vendor "Apple" for product "Mac Os X Server" and version " < 10.3.8" | - |
Affected
| ||||||