Debian: DSA-1807-1: New cyrus-sasl2/cyrus-sasl2-heimdal packages fix arbitrary code execution

    Date 01 Jun 2009
    Posted By LinuxSecurity Advisories
    James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires
    Hash: SHA1
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-1807-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                                 Nico Golde
    June 1st, 2009                
    - --------------------------------------------------------------------------
    Package        : cyrus-sasl2, cyrus-sasl2-heimdal
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    Debian bug     : 528749
    CERT advisory  : VU#238019
    CVE ID         : CVE-2009-0688
    James Ralston discovered that the sasl_encode64() function of cyrus-sasl2,
    a free library implementing the Simple Authentication and Security Layer,
    suffers from a missing null termination in certain situations.  This causes
    several buffer overflows in situations where cyrus-sasl2 itself requires
    the string to be null terminated which can lead to denial of service or
    arbitrary code execution.
    Important notice (Quoting from US-CERT):
    While this patch will fix currently vulnerable code, it can cause
    non-vulnerable existing code to break. Here's a function prototype from
    include/saslutil.h to clarify my explanation:
    /* base64 encode
    * in -- input data
    * inlen -- input data length
    * out -- output buffer (will be NUL terminated)
    * outmax -- max size of output buffer
    * result:
    * outlen -- gets actual length of output buffer (optional)
    * Returns SASL_OK on success, SASL_BUFOVER if result won't fit
    LIBSASL_API int sasl_encode64(const char *in, unsigned inlen,
    char *out, unsigned outmax,
    unsigned *outlen);
    Assume a scenario where calling code has been written in such a way that it
    calculates the exact size required for base64 encoding in advance, then
    allocates a buffer of that exact size, passing a pointer to the buffer into
    sasl_encode64() as *out. As long as this code does not anticipate that the
    buffer is NUL-terminated (does not call any string-handling functions like
    strlen(), for example) the code will work and it will not be vulnerable.
    Once this patch is applied, that same code will break because sasl_encode64()
    will begin to return SASL_BUFOVER.
    For the oldstable distribution (etch), this problem will be fixed soon.
    For the stable distribution (lenny), this problem has been fixed in
    version 2.1.22.dfsg1-23+lenny1 of cyrus-sasl2 and cyrus-sasl2-heimdal.
    For the testing distribution (squeeze), this problem will be fixed soon.
    For the unstable distribution (sid), this problem has been fixed in
    version 2.1.23.dfsg1-1 of cyrus-sasl2 and cyrus-sasl2-heimdal.
    We recommend that you upgrade your cyrus-sasl2/cyrus-sasl2-heimdal packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    Debian (stable)
    - ---------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum:     1775 510a3befa02a034758711c4bf329082e
        Size/MD5 checksum:    76458 85b876ee4b8d33a804f1164d727a5281
        Size/MD5 checksum:     1930 6939422cb0ce3455ce5a1a494692fd68
        Size/MD5 checksum:  1370731 f196299b2c07f822c8c56db71b7dc7db
        Size/MD5 checksum:  1370731 f196299b2c07f822c8c56db71b7dc7db
        Size/MD5 checksum:    27834 dae4de4ce221e8d5f9ca9fbc8376f1ba
    Architecture independent packages:
        Size/MD5 checksum:   104228 c5b2a9dac2683208cbc7fe0aeaf9e276
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:    84954 9d18b6afabcdb581ba692b0de7abc489
        Size/MD5 checksum:   603214 764f256abbe3cfc91a4c0392d79a8262
        Size/MD5 checksum:   123794 e2d71664b9f4dbf586366a1ed21e8c23
        Size/MD5 checksum:    76294 4e15f169d2b45fa179cdf4a919ab4316
        Size/MD5 checksum:   198230 2b8a7bf7981b5f5d999a0a5d671ea401
        Size/MD5 checksum:    75114 0da83acb9fbf8b7dc51989cd2c1f3e78
        Size/MD5 checksum:    61754 6291c4405e6cbd3507737f866d6a53ee
        Size/MD5 checksum:   165322 72628edb29a049c66a31d3ec9678ad89
        Size/MD5 checksum:    77222 d68fe70130dd0e59ae91a98d6718d6d7
        Size/MD5 checksum:   319558 9c80d311d0c16df5f368708e5a32c6e0
        Size/MD5 checksum:    69300 2c83c31dac6f051c8a9879effd293aa8
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:    78176 04d539c8841bd7d1307d74cd2c0189f9
        Size/MD5 checksum:   114804 110e9007dc74123976337a86e856eaf0
        Size/MD5 checksum:    68878 7db9847a4723d6826f7920ae1993906e
        Size/MD5 checksum:    69052 84be4bf75f96bae025d2b92735670dfc
        Size/MD5 checksum:    67958 d47d4ee189346d1bdf4b00be9cc8dcfb
        Size/MD5 checksum:    58050 ea914b6bf177e468c156fe61bd869d41
        Size/MD5 checksum:   276504 eaa42b2f795f8fe85ebb5f84d529071c
        Size/MD5 checksum:   609428 91d51cc190a79b50b1b5f96d5d5e6b80
        Size/MD5 checksum:   156374 48d94aab8c3f98eacebea35824e726e8
        Size/MD5 checksum:   163456 05b37316e0811ecbfbda111e5628f2b1
        Size/MD5 checksum:    67342 5633875f4f067e8a92860f80fd57d312
    arm architecture (ARM)
        Size/MD5 checksum:    63788 fe7bd8332cbef2c77cf3dbfd377d878d
        Size/MD5 checksum:   265720 fdb983efb59dcba138d20b08d04d9760
        Size/MD5 checksum:   106112 a6b6abccd297cab3e5d0bb8af0c7bdc1
        Size/MD5 checksum:   573898 24f922a08943d1036ef11c292de130c8
        Size/MD5 checksum:    64598 a0e5097fac9b08096848ba18d602a9e6
        Size/MD5 checksum:    67706 423ceff082b95c8d355a46d82e0c8b96
        Size/MD5 checksum:    73592 3d20e751e51ce1001ecdf74e55756458
        Size/MD5 checksum:    65062 3b82a869de27691439188148cd4ce84d
        Size/MD5 checksum:   147070 52d2c37432bea8aae2ba23f8f3c4b90c
        Size/MD5 checksum:   136654 f11faeafb7502f5eb36361f8c877223d
        Size/MD5 checksum:    56716 d2048db8e57059c1c9f2ade3b92ebc1f
    armel architecture (ARM EABI)
        Size/MD5 checksum:    56706 ccbe00612c14d8cb7c46ceec1a523f93
        Size/MD5 checksum:    67902 c8f859a00df9b06e08e0e3f405fb5b7f
        Size/MD5 checksum:   575992 15d54bf1d6026698c453b8c3995742e3
        Size/MD5 checksum:    74912 47b6aac13a77bdb5fbe7d9c6585d5036
        Size/MD5 checksum:   144840 fa380ab748a1ffe5975b97b78b2c0416
        Size/MD5 checksum:    63884 00ff7248bca7acf9b704baaf90d0689e
        Size/MD5 checksum:    64708 92616d18849b68029919d313679b1c82
        Size/MD5 checksum:   263854 263639282e6004454c5b33c71b9647d4
        Size/MD5 checksum:   104616 a276680084df232510cc4bc617055a18
        Size/MD5 checksum:   143942 57e4a79481797f0c32f60401ee1237de
        Size/MD5 checksum:    63678 2eda7c4085a8f6877ce8061f907b2ad1
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:    80276 d024aad3a3d2d790b0ab5f826af132eb
        Size/MD5 checksum:    71646 00212830b9715ceda5eb01d1aaa57402
        Size/MD5 checksum:   159494 fd9c8f622178e39834bcadfef091c736
        Size/MD5 checksum:    71444 b93c7dae5ae9405b35cd2c41e7253c07
        Size/MD5 checksum:   172492 207dc3d84027fc346d90d7810e588a64
        Size/MD5 checksum:   294572 9be25532614ae62163e2b635061fe628
        Size/MD5 checksum:    61040 25d4df1f36f401f985bf931f46b64781
        Size/MD5 checksum:    70710 eb2a5d507bf152da6c36322fc70f449c
        Size/MD5 checksum:    68282 f4e90c409355887a3c1fdae2471e386b
        Size/MD5 checksum:   588948 4a74364ca6307b066927f26525ff0fdb
        Size/MD5 checksum:   118338 f0a1c2c0dd52f0a4d26f3abd4d5309ad
    i386 architecture (Intel ia32)
        Size/MD5 checksum:    57462 5ebb116b052de64d4c7014c1ae14e267
        Size/MD5 checksum:   259252 ae246a06589d3e2779627c6d3a39eb78
        Size/MD5 checksum:    64212 e3f9fe64851978336fe8ef915ec7b826
        Size/MD5 checksum:    67634 8ad13d8d15d19d1dba507e4db3026c54
        Size/MD5 checksum:   145828 dd6dc6e38f07c36d8c0bbdac20f9eee5
        Size/MD5 checksum:   575092 fa8a679ad9aa118404834e3c46a6acbf
        Size/MD5 checksum:    75366 cc8dc458e34dda7c3de4f70279a3105c
        Size/MD5 checksum:    64160 51d92ff406fde2abd21e6080be6bf3a3
        Size/MD5 checksum:   105514 36ce7fca9761b6f4dd8b94fa5a67b396
        Size/MD5 checksum:   146610 f1447794b61c530605a2da75829f62ba
        Size/MD5 checksum:    65456 ecd58a3ccf79672c2ce00fe7a7b161c7
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:    67580 ece86227d7eace47ab16237e915b3fec
        Size/MD5 checksum:    91958 6536d489a5b387070c87fda3d6a928a3
        Size/MD5 checksum:    68352 b8532fb79679952018fc9e46fb3ae9e9
        Size/MD5 checksum:   341402 8424c2421afe1140c7c2a0ee472ad8a5
        Size/MD5 checksum:    83024 4aacfaec8c8f15081db9655ef1050832
        Size/MD5 checksum:   149060 90993f31514099790278be32aa5e6614
        Size/MD5 checksum:   187396 2fcf8a48bfe03ec3aff87cd75f232ff3
        Size/MD5 checksum:   243462 264bddaa5766aeb444d03b40eb4d7fa1
        Size/MD5 checksum:   568004 e5fc8d3bdb48f173cf1586e6d55e5bf6
        Size/MD5 checksum:    79706 8e11ab18902532dfd516fdeb35093312
        Size/MD5 checksum:    82078 0a29e217ca95d171305ed53615b7aeb7
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:   104880 5863587f4ebdfc8d2accb92c43975770
        Size/MD5 checksum:   155770 46cc9b8f9907b607d2029b25a2d5176b
        Size/MD5 checksum:    68930 52fbafb17a0b36cd4f4ced0257963d00
        Size/MD5 checksum:    67240 0c00396d4af872fbd68435ce37f5b91f
        Size/MD5 checksum:    57308 3655fa5d350a36a6e7ac7e15c487c67c
        Size/MD5 checksum:    77244 901ab9aa01ee8f36ea0c4ae8b9b01384
        Size/MD5 checksum:    68074 6228a649cc3c0af4278709d81a85691f
        Size/MD5 checksum:   153862 390c96e802a795ac507d8b97d250b9bc
        Size/MD5 checksum:   603738 bd9e9352b83c7151718a0b28e8f4d58b
        Size/MD5 checksum:   287770 a810f916805a6c3622eecf55bac38d88
        Size/MD5 checksum:    67072 b8d4429a81ee151f53417dbf4e2af658
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:   593356 6610f0434f090ac4da1c9d31141ff5e8
        Size/MD5 checksum:    67462 6139841e9d8c59b4da4ab38c7518a0ca
        Size/MD5 checksum:    68504 69adbead8bd79767a9de0f4b0354306e
        Size/MD5 checksum:    67572 b0dadb218ba13c6fcb2cd9771b392289
        Size/MD5 checksum:    77924 1426b53e89f0771dd89e0916fa5315b8
        Size/MD5 checksum:   108728 0a5e4d5a5fa93992198c14fa4a018e8d
        Size/MD5 checksum:    68454 b4d4b2b12789d6c1b9b55547bd23289f
        Size/MD5 checksum:   164172 1b1ceb3737ab04fb22bd4a4d20e5f4c0
        Size/MD5 checksum:    57758 b1af996db05522ffe582fc776132fe9f
        Size/MD5 checksum:   287940 fb18899c8acd1a3fb9cfb2950c2a0786
        Size/MD5 checksum:   155390 923b0df689d8546f64d9e94668e1a8c0
    powerpc architecture (PowerPC)
        Size/MD5 checksum:   119716 64acba5b3c822aeea5d92acdbe13cdf5
        Size/MD5 checksum:    70260 55506c65fcb75c975d634e72ca57b499
        Size/MD5 checksum:    70536 e2dd4053970203b291fc0064e3fc7e4f
        Size/MD5 checksum:   625910 b49078c416463d3e6fe9e1abaa857ad7
        Size/MD5 checksum:    71772 e73ebc9e9f7b3f957b22dbbed7af487c
        Size/MD5 checksum:   185506 6e31ca4fc06dd38ce754b84f608b0018
        Size/MD5 checksum:   170426 564ade009cd10f03ec390d51a18b1bc6
        Size/MD5 checksum:    71610 e5db62f80f8a909dec79e7926db1c43a
        Size/MD5 checksum:   281752 5595cab6b86610d4f41f648584091c24
        Size/MD5 checksum:    61528 a4d2292554728724b07549d4e4ba9abd
        Size/MD5 checksum:    79702 cac4d2488861483529067e5bf3e57cfa
    s390 architecture (IBM S/390)
        Size/MD5 checksum:    66690 a52cee912cf1f46018d8ed8c54ccf9b6
        Size/MD5 checksum:   604082 0f8f8838bc5d8487de8a8b23ecb17329
        Size/MD5 checksum:   112752 890c4b70503ab1bb94fbc0d43d6c7328
        Size/MD5 checksum:    68984 ab0d3fc56183cd0ff319cdac869b9251
        Size/MD5 checksum:    77658 d7e99571c7bfa56fbf753b1f69a48935
        Size/MD5 checksum:    67948 e6e7ab2c5fc90b575896e11acdb227b4
        Size/MD5 checksum:   166632 a98fd5a59024bd1a2bdd1fb60e692d02
        Size/MD5 checksum:    67832 31291b7faa6591eb93d8879389a00360
        Size/MD5 checksum:   157992 66a99b49a60c0e82d0d92d112d381c2e
        Size/MD5 checksum:    58868 a663ebf059cf987c9949878d0efc7dfc
        Size/MD5 checksum:   273358 2b4557d2cf8f639984a44dfe6a889b2c
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:   144494 08996d7a2ba0f2ff53abd41245b4f352
        Size/MD5 checksum:   137850 394ff90e509d13b822d5ed0cddc2ea27
        Size/MD5 checksum:   102142 4739d9c336e9f8173147eb222353ff7a
        Size/MD5 checksum:    63600 39aa7cbabf1e395d297bc9636402f5a7
        Size/MD5 checksum:    62582 88bd4a20e17255314a5dd788bbb02f86
        Size/MD5 checksum:   261038 003e8ca005174a442e1271a04d6c885f
        Size/MD5 checksum:    55826 1439ea1b2401eefd06cdd608a9559fa6
        Size/MD5 checksum:    62976 6c75a70e425e2032975c46634c404591
        Size/MD5 checksum:    65428 9b2b3189c39972e611bc180fd5aa6ba1
        Size/MD5 checksum:   535118 407f26e926701d7a0008522aa5da27bb
        Size/MD5 checksum:    74926 f2b2c0957166e2196404efbbf9413bfb
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    Are you considering making the switch to Purism's new Librem 14 Linux laptop to improve your security and privacy online?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"109","title":"Yes - the hardware kill switches and default ad blocking\/tracking protection sold me on it.","votes":"3","type":"x","order":"1","pct":42.86,"resources":[]},{"id":"110","title":"Not sure yet - I need to do more research.","votes":"3","type":"x","order":"2","pct":42.86,"resources":[]},{"id":"111","title":"No - I'm satisfied with my current laptop and have no security\/privacy concerns.","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200


    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.