Linux Security
    Linux Security
    Linux Security

    Debian: DSA-1807-1: New cyrus-sasl2/cyrus-sasl2-heimdal packages fix arbitrary code execution

    Date 01 Jun 2009
    Posted By LinuxSecurity Advisories
    James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires
    Hash: SHA1
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-1807-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                                 Nico Golde
    June 1st, 2009                
    - --------------------------------------------------------------------------
    Package        : cyrus-sasl2, cyrus-sasl2-heimdal
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    Debian bug     : 528749
    CERT advisory  : VU#238019
    CVE ID         : CVE-2009-0688
    James Ralston discovered that the sasl_encode64() function of cyrus-sasl2,
    a free library implementing the Simple Authentication and Security Layer,
    suffers from a missing null termination in certain situations.  This causes
    several buffer overflows in situations where cyrus-sasl2 itself requires
    the string to be null terminated which can lead to denial of service or
    arbitrary code execution.
    Important notice (Quoting from US-CERT):
    While this patch will fix currently vulnerable code, it can cause
    non-vulnerable existing code to break. Here's a function prototype from
    include/saslutil.h to clarify my explanation:
    /* base64 encode
    * in -- input data
    * inlen -- input data length
    * out -- output buffer (will be NUL terminated)
    * outmax -- max size of output buffer
    * result:
    * outlen -- gets actual length of output buffer (optional)
    * Returns SASL_OK on success, SASL_BUFOVER if result won't fit
    LIBSASL_API int sasl_encode64(const char *in, unsigned inlen,
    char *out, unsigned outmax,
    unsigned *outlen);
    Assume a scenario where calling code has been written in such a way that it
    calculates the exact size required for base64 encoding in advance, then
    allocates a buffer of that exact size, passing a pointer to the buffer into
    sasl_encode64() as *out. As long as this code does not anticipate that the
    buffer is NUL-terminated (does not call any string-handling functions like
    strlen(), for example) the code will work and it will not be vulnerable.
    Once this patch is applied, that same code will break because sasl_encode64()
    will begin to return SASL_BUFOVER.
    For the oldstable distribution (etch), this problem will be fixed soon.
    For the stable distribution (lenny), this problem has been fixed in
    version 2.1.22.dfsg1-23+lenny1 of cyrus-sasl2 and cyrus-sasl2-heimdal.
    For the testing distribution (squeeze), this problem will be fixed soon.
    For the unstable distribution (sid), this problem has been fixed in
    version 2.1.23.dfsg1-1 of cyrus-sasl2 and cyrus-sasl2-heimdal.
    We recommend that you upgrade your cyrus-sasl2/cyrus-sasl2-heimdal packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    Debian (stable)
    - ---------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum:     1775 510a3befa02a034758711c4bf329082e
        Size/MD5 checksum:    76458 85b876ee4b8d33a804f1164d727a5281
        Size/MD5 checksum:     1930 6939422cb0ce3455ce5a1a494692fd68
        Size/MD5 checksum:  1370731 f196299b2c07f822c8c56db71b7dc7db
        Size/MD5 checksum:  1370731 f196299b2c07f822c8c56db71b7dc7db
        Size/MD5 checksum:    27834 dae4de4ce221e8d5f9ca9fbc8376f1ba
    Architecture independent packages:
        Size/MD5 checksum:   104228 c5b2a9dac2683208cbc7fe0aeaf9e276
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:    84954 9d18b6afabcdb581ba692b0de7abc489
        Size/MD5 checksum:   603214 764f256abbe3cfc91a4c0392d79a8262
        Size/MD5 checksum:   123794 e2d71664b9f4dbf586366a1ed21e8c23
        Size/MD5 checksum:    76294 4e15f169d2b45fa179cdf4a919ab4316
        Size/MD5 checksum:   198230 2b8a7bf7981b5f5d999a0a5d671ea401
        Size/MD5 checksum:    75114 0da83acb9fbf8b7dc51989cd2c1f3e78
        Size/MD5 checksum:    61754 6291c4405e6cbd3507737f866d6a53ee
        Size/MD5 checksum:   165322 72628edb29a049c66a31d3ec9678ad89
        Size/MD5 checksum:    77222 d68fe70130dd0e59ae91a98d6718d6d7
        Size/MD5 checksum:   319558 9c80d311d0c16df5f368708e5a32c6e0
        Size/MD5 checksum:    69300 2c83c31dac6f051c8a9879effd293aa8
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:    78176 04d539c8841bd7d1307d74cd2c0189f9
        Size/MD5 checksum:   114804 110e9007dc74123976337a86e856eaf0
        Size/MD5 checksum:    68878 7db9847a4723d6826f7920ae1993906e
        Size/MD5 checksum:    69052 84be4bf75f96bae025d2b92735670dfc
        Size/MD5 checksum:    67958 d47d4ee189346d1bdf4b00be9cc8dcfb
        Size/MD5 checksum:    58050 ea914b6bf177e468c156fe61bd869d41
        Size/MD5 checksum:   276504 eaa42b2f795f8fe85ebb5f84d529071c
        Size/MD5 checksum:   609428 91d51cc190a79b50b1b5f96d5d5e6b80
        Size/MD5 checksum:   156374 48d94aab8c3f98eacebea35824e726e8
        Size/MD5 checksum:   163456 05b37316e0811ecbfbda111e5628f2b1
        Size/MD5 checksum:    67342 5633875f4f067e8a92860f80fd57d312
    arm architecture (ARM)
        Size/MD5 checksum:    63788 fe7bd8332cbef2c77cf3dbfd377d878d
        Size/MD5 checksum:   265720 fdb983efb59dcba138d20b08d04d9760
        Size/MD5 checksum:   106112 a6b6abccd297cab3e5d0bb8af0c7bdc1
        Size/MD5 checksum:   573898 24f922a08943d1036ef11c292de130c8
        Size/MD5 checksum:    64598 a0e5097fac9b08096848ba18d602a9e6
        Size/MD5 checksum:    67706 423ceff082b95c8d355a46d82e0c8b96
        Size/MD5 checksum:    73592 3d20e751e51ce1001ecdf74e55756458
        Size/MD5 checksum:    65062 3b82a869de27691439188148cd4ce84d
        Size/MD5 checksum:   147070 52d2c37432bea8aae2ba23f8f3c4b90c
        Size/MD5 checksum:   136654 f11faeafb7502f5eb36361f8c877223d
        Size/MD5 checksum:    56716 d2048db8e57059c1c9f2ade3b92ebc1f
    armel architecture (ARM EABI)
        Size/MD5 checksum:    56706 ccbe00612c14d8cb7c46ceec1a523f93
        Size/MD5 checksum:    67902 c8f859a00df9b06e08e0e3f405fb5b7f
        Size/MD5 checksum:   575992 15d54bf1d6026698c453b8c3995742e3
        Size/MD5 checksum:    74912 47b6aac13a77bdb5fbe7d9c6585d5036
        Size/MD5 checksum:   144840 fa380ab748a1ffe5975b97b78b2c0416
        Size/MD5 checksum:    63884 00ff7248bca7acf9b704baaf90d0689e
        Size/MD5 checksum:    64708 92616d18849b68029919d313679b1c82
        Size/MD5 checksum:   263854 263639282e6004454c5b33c71b9647d4
        Size/MD5 checksum:   104616 a276680084df232510cc4bc617055a18
        Size/MD5 checksum:   143942 57e4a79481797f0c32f60401ee1237de
        Size/MD5 checksum:    63678 2eda7c4085a8f6877ce8061f907b2ad1
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:    80276 d024aad3a3d2d790b0ab5f826af132eb
        Size/MD5 checksum:    71646 00212830b9715ceda5eb01d1aaa57402
        Size/MD5 checksum:   159494 fd9c8f622178e39834bcadfef091c736
        Size/MD5 checksum:    71444 b93c7dae5ae9405b35cd2c41e7253c07
        Size/MD5 checksum:   172492 207dc3d84027fc346d90d7810e588a64
        Size/MD5 checksum:   294572 9be25532614ae62163e2b635061fe628
        Size/MD5 checksum:    61040 25d4df1f36f401f985bf931f46b64781
        Size/MD5 checksum:    70710 eb2a5d507bf152da6c36322fc70f449c
        Size/MD5 checksum:    68282 f4e90c409355887a3c1fdae2471e386b
        Size/MD5 checksum:   588948 4a74364ca6307b066927f26525ff0fdb
        Size/MD5 checksum:   118338 f0a1c2c0dd52f0a4d26f3abd4d5309ad
    i386 architecture (Intel ia32)
        Size/MD5 checksum:    57462 5ebb116b052de64d4c7014c1ae14e267
        Size/MD5 checksum:   259252 ae246a06589d3e2779627c6d3a39eb78
        Size/MD5 checksum:    64212 e3f9fe64851978336fe8ef915ec7b826
        Size/MD5 checksum:    67634 8ad13d8d15d19d1dba507e4db3026c54
        Size/MD5 checksum:   145828 dd6dc6e38f07c36d8c0bbdac20f9eee5
        Size/MD5 checksum:   575092 fa8a679ad9aa118404834e3c46a6acbf
        Size/MD5 checksum:    75366 cc8dc458e34dda7c3de4f70279a3105c
        Size/MD5 checksum:    64160 51d92ff406fde2abd21e6080be6bf3a3
        Size/MD5 checksum:   105514 36ce7fca9761b6f4dd8b94fa5a67b396
        Size/MD5 checksum:   146610 f1447794b61c530605a2da75829f62ba
        Size/MD5 checksum:    65456 ecd58a3ccf79672c2ce00fe7a7b161c7
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:    67580 ece86227d7eace47ab16237e915b3fec
        Size/MD5 checksum:    91958 6536d489a5b387070c87fda3d6a928a3
        Size/MD5 checksum:    68352 b8532fb79679952018fc9e46fb3ae9e9
        Size/MD5 checksum:   341402 8424c2421afe1140c7c2a0ee472ad8a5
        Size/MD5 checksum:    83024 4aacfaec8c8f15081db9655ef1050832
        Size/MD5 checksum:   149060 90993f31514099790278be32aa5e6614
        Size/MD5 checksum:   187396 2fcf8a48bfe03ec3aff87cd75f232ff3
        Size/MD5 checksum:   243462 264bddaa5766aeb444d03b40eb4d7fa1
        Size/MD5 checksum:   568004 e5fc8d3bdb48f173cf1586e6d55e5bf6
        Size/MD5 checksum:    79706 8e11ab18902532dfd516fdeb35093312
        Size/MD5 checksum:    82078 0a29e217ca95d171305ed53615b7aeb7
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:   104880 5863587f4ebdfc8d2accb92c43975770
        Size/MD5 checksum:   155770 46cc9b8f9907b607d2029b25a2d5176b
        Size/MD5 checksum:    68930 52fbafb17a0b36cd4f4ced0257963d00
        Size/MD5 checksum:    67240 0c00396d4af872fbd68435ce37f5b91f
        Size/MD5 checksum:    57308 3655fa5d350a36a6e7ac7e15c487c67c
        Size/MD5 checksum:    77244 901ab9aa01ee8f36ea0c4ae8b9b01384
        Size/MD5 checksum:    68074 6228a649cc3c0af4278709d81a85691f
        Size/MD5 checksum:   153862 390c96e802a795ac507d8b97d250b9bc
        Size/MD5 checksum:   603738 bd9e9352b83c7151718a0b28e8f4d58b
        Size/MD5 checksum:   287770 a810f916805a6c3622eecf55bac38d88
        Size/MD5 checksum:    67072 b8d4429a81ee151f53417dbf4e2af658
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:   593356 6610f0434f090ac4da1c9d31141ff5e8
        Size/MD5 checksum:    67462 6139841e9d8c59b4da4ab38c7518a0ca
        Size/MD5 checksum:    68504 69adbead8bd79767a9de0f4b0354306e
        Size/MD5 checksum:    67572 b0dadb218ba13c6fcb2cd9771b392289
        Size/MD5 checksum:    77924 1426b53e89f0771dd89e0916fa5315b8
        Size/MD5 checksum:   108728 0a5e4d5a5fa93992198c14fa4a018e8d
        Size/MD5 checksum:    68454 b4d4b2b12789d6c1b9b55547bd23289f
        Size/MD5 checksum:   164172 1b1ceb3737ab04fb22bd4a4d20e5f4c0
        Size/MD5 checksum:    57758 b1af996db05522ffe582fc776132fe9f
        Size/MD5 checksum:   287940 fb18899c8acd1a3fb9cfb2950c2a0786
        Size/MD5 checksum:   155390 923b0df689d8546f64d9e94668e1a8c0
    powerpc architecture (PowerPC)
        Size/MD5 checksum:   119716 64acba5b3c822aeea5d92acdbe13cdf5
        Size/MD5 checksum:    70260 55506c65fcb75c975d634e72ca57b499
        Size/MD5 checksum:    70536 e2dd4053970203b291fc0064e3fc7e4f
        Size/MD5 checksum:   625910 b49078c416463d3e6fe9e1abaa857ad7
        Size/MD5 checksum:    71772 e73ebc9e9f7b3f957b22dbbed7af487c
        Size/MD5 checksum:   185506 6e31ca4fc06dd38ce754b84f608b0018
        Size/MD5 checksum:   170426 564ade009cd10f03ec390d51a18b1bc6
        Size/MD5 checksum:    71610 e5db62f80f8a909dec79e7926db1c43a
        Size/MD5 checksum:   281752 5595cab6b86610d4f41f648584091c24
        Size/MD5 checksum:    61528 a4d2292554728724b07549d4e4ba9abd
        Size/MD5 checksum:    79702 cac4d2488861483529067e5bf3e57cfa
    s390 architecture (IBM S/390)
        Size/MD5 checksum:    66690 a52cee912cf1f46018d8ed8c54ccf9b6
        Size/MD5 checksum:   604082 0f8f8838bc5d8487de8a8b23ecb17329
        Size/MD5 checksum:   112752 890c4b70503ab1bb94fbc0d43d6c7328
        Size/MD5 checksum:    68984 ab0d3fc56183cd0ff319cdac869b9251
        Size/MD5 checksum:    77658 d7e99571c7bfa56fbf753b1f69a48935
        Size/MD5 checksum:    67948 e6e7ab2c5fc90b575896e11acdb227b4
        Size/MD5 checksum:   166632 a98fd5a59024bd1a2bdd1fb60e692d02
        Size/MD5 checksum:    67832 31291b7faa6591eb93d8879389a00360
        Size/MD5 checksum:   157992 66a99b49a60c0e82d0d92d112d381c2e
        Size/MD5 checksum:    58868 a663ebf059cf987c9949878d0efc7dfc
        Size/MD5 checksum:   273358 2b4557d2cf8f639984a44dfe6a889b2c
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:   144494 08996d7a2ba0f2ff53abd41245b4f352
        Size/MD5 checksum:   137850 394ff90e509d13b822d5ed0cddc2ea27
        Size/MD5 checksum:   102142 4739d9c336e9f8173147eb222353ff7a
        Size/MD5 checksum:    63600 39aa7cbabf1e395d297bc9636402f5a7
        Size/MD5 checksum:    62582 88bd4a20e17255314a5dd788bbb02f86
        Size/MD5 checksum:   261038 003e8ca005174a442e1271a04d6c885f
        Size/MD5 checksum:    55826 1439ea1b2401eefd06cdd608a9559fa6
        Size/MD5 checksum:    62976 6c75a70e425e2032975c46634c404591
        Size/MD5 checksum:    65428 9b2b3189c39972e611bc180fd5aa6ba1
        Size/MD5 checksum:   535118 407f26e926701d7a0008522aa5da27bb
        Size/MD5 checksum:    74926 f2b2c0957166e2196404efbbf9413bfb
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"22","type":"x","order":"1","pct":34.92,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"13","type":"x","order":"2","pct":20.63,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"28","type":"x","order":"3","pct":44.44,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.