CVE-2002-1347: Buffer Overflow
First published: Wed Dec 11 2002(Updated: )
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cyrus SASL | <=2.1.9 | |
| Cyrus SASL | <=2.1.9 | |
| Apple iOS and macOS | <10.3.8 | |
| Apple macOS Server | <10.3.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
- http://www.redhat.com/support/errata/RHSA-2002-283.html
- http://www.securityfocus.com/advisories/4826
- http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html
- http://www.securityfocus.com/bid/6347
- http://www.securityfocus.com/bid/6348
- http://www.securityfocus.com/bid/6349
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557
- http://www.debian.org/security/2002/dsa-215
- http://marc.info/?l=bugtraq&m=103946297703402&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10812
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10811
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10810
Frequently Asked Questions
What is the severity of CVE-2002-1347?
CVE-2002-1347 is considered to have a medium severity due to its potential for causing denial of service and possible execution of arbitrary code.
How do I fix CVE-2002-1347?
To fix CVE-2002-1347, upgrade to a version of the Cyrus SASL library that is later than 2.1.9.
What software is affected by CVE-2002-1347?
CVE-2002-1347 affects the Cyrus SASL library versions 2.1.9 and earlier, including various implementations on macOS and Apple servers.
What kind of attacks can exploit CVE-2002-1347?
CVE-2002-1347 can be exploited through buffer overflow attacks that manipulate input during user name canonicalization and LDAP authentication.
Is CVE-2002-1347 still a relevant vulnerability?
Although CVE-2002-1347 was disclosed in 2002, outdated systems that still use affected versions may still be vulnerable.
- collector/nvd-historical
- vendor/cyrus
- product/sasl
- canonical/cyrus sasl
- collector/nvd-index
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- version/cyrus sasl/2.1.9
- vendor/cyrusimap
- vendor/apple
- canonical/apple ios and macos
- canonical/apple macos server