Debian: DSA-1807-1: New cyrus-sasl2/cyrus-sasl2-heimdal packages fix arbitrary code execution
Summary
James Ralston discovered that the sasl_encode64() function of cyrus-sasl2,
a free library implementing the Simple Authentication and Security Layer,
suffers from a missing null termination in certain situations. This causes
several buffer overflows in situations where cyrus-sasl2 itself requires
the string to be null terminated which can lead to denial of service or
arbitrary code execution.
Important notice (Quoting from US-CERT):
While this patch will fix currently vulnerable code, it can cause
non-vulnerable existing code to break. Here's a function prototype from
include/saslutil.h to clarify my explanation:
/* base64 encode
* in -- input data
* inlen -- input data length
* out -- output buffer (will be NUL terminated)
* outmax -- max size of output buffer
* result:
* outlen -- gets actual length of output buffer (optional)
*
* Returns SASL_OK on success, SASL_BUFOVER if result won't fit
*/
LIBSASL_API int sasl_encode64(const char *in, unsigned inlen,
char *out, unsigned outmax,
unsigned *outlen);
Assume a scenario where calling code has been written in such a way that it
calculates the exact size required for base64 encoding in advance, then
allocates a buffer of that exact size, passing a pointer to the buffer into
sasl_encode64() as *out. As long as this code does not anticipate that the
buffer is NUL-terminated (does not call any string-handling functions like
strlen(), for example) the code will work and it will not be vulnerable.
Once this patch is applied, that same code will break because sasl_encode64()
will begin to return SASL_BUFOVER.
For the oldstable distribution (etch), this problem will be fixed soon.
For the stable distribution (lenny), this problem has been fixed in
version 2.1.22.dfsg1-23+lenny1 of cyrus-sasl2 and cyrus-sasl2-heimdal.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 2.1.23.dfsg1-1 of cyrus-sasl2 and cyrus-sasl2-heimdal.
We recommend that you upgrade your cyrus-sasl2/cyrus-sasl2-heimdal packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 1775 510a3befa02a034758711c4bf329082e
Size/MD5 checksum: 76458 85b876ee4b8d33a804f1164d727a5281
Size/MD5 checksum: 1930 6939422cb0ce3455ce5a1a494692fd68
Size/MD5 checksum: 1370731 f196299b2c07f822c8c56db71b7dc7db
Size/MD5 checksum: 1370731 f196299b2c07f822c8c56db71b7dc7db
Size/MD5 checksum: 27834 dae4de4ce221e8d5f9ca9fbc8376f1ba
Architecture independent packages:
Size/MD5 checksum: 104228 c5b2a9dac2683208cbc7fe0aeaf9e276
alpha architecture (DEC Alpha)
Size/MD5 checksum: 84954 9d18b6afabcdb581ba692b0de7abc489
Size/MD5 checksum: 603214 764f256abbe3cfc91a4c0392d79a8262
Size/MD5 checksum: 123794 e2d71664b9f4dbf586366a1ed21e8c23
Size/MD5 checksum: 76294 4e15f169d2b45fa179cdf4a919ab4316
Size/MD5 checksum: 198230 2b8a7bf7981b5f5d999a0a5d671ea401
Size/MD5 checksum: 75114 0da83acb9fbf8b7dc51989cd2c1f3e78
Size/MD5 checksum: 61754 6291c4405e6cbd3507737f866d6a53ee
Size/MD5 checksum: 165322 72628edb29a049c66a31d3ec9678ad89
Size/MD5 checksum: 77222 d68fe70130dd0e59ae91a98d6718d6d7
Size/MD5 checksum: 319558 9c80d311d0c16df5f368708e5a32c6e0
Size/MD5 checksum: 69300 2c83c31dac6f051c8a9879effd293aa8
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 78176 04d539c8841bd7d1307d74cd2c0189f9
Size/MD5 checksum: 114804 110e9007dc74123976337a86e856eaf0
Size/MD5 checksum: 68878 7db9847a4723d6826f7920ae1993906e
Size/MD5 checksum: 69052 84be4bf75f96bae025d2b92735670dfc
Size/MD5 checksum: 67958 d47d4ee189346d1bdf4b00be9cc8dcfb
Size/MD5 checksum: 58050 ea914b6bf177e468c156fe61bd869d41
Size/MD5 checksum: 276504 eaa42b2f795f8fe85ebb5f84d529071c
Size/MD5 checksum: 609428 91d51cc190a79b50b1b5f96d5d5e6b80
Size/MD5 checksum: 156374 48d94aab8c3f98eacebea35824e726e8
Size/MD5 checksum: 163456 05b37316e0811ecbfbda111e5628f2b1
Size/MD5 checksum: 67342 5633875f4f067e8a92860f80fd57d312
arm architecture (ARM)
Size/MD5 checksum: 63788 fe7bd8332cbef2c77cf3dbfd377d878d
Size/MD5 checksum: 265720 fdb983efb59dcba138d20b08d04d9760
Size/MD5 checksum: 106112 a6b6abccd297cab3e5d0bb8af0c7bdc1
Size/MD5 checksum: 573898 24f922a08943d1036ef11c292de130c8
Size/MD5 checksum: 64598 a0e5097fac9b08096848ba18d602a9e6
Size/MD5 checksum: 67706 423ceff082b95c8d355a46d82e0c8b96
Size/MD5 checksum: 73592 3d20e751e51ce1001ecdf74e55756458
Size/MD5 checksum: 65062 3b82a869de27691439188148cd4ce84d
Size/MD5 checksum: 147070 52d2c37432bea8aae2ba23f8f3c4b90c
Size/MD5 checksum: 136654 f11faeafb7502f5eb36361f8c877223d
Size/MD5 checksum: 56716 d2048db8e57059c1c9f2ade3b92ebc1f
armel architecture (ARM EABI)
Size/MD5 checksum: 56706 ccbe00612c14d8cb7c46ceec1a523f93
Size/MD5 checksum: 67902 c8f859a00df9b06e08e0e3f405fb5b7f
Size/MD5 checksum: 575992 15d54bf1d6026698c453b8c3995742e3
Size/MD5 checksum: 74912 47b6aac13a77bdb5fbe7d9c6585d5036
Size/MD5 checksum: 144840 fa380ab748a1ffe5975b97b78b2c0416
Size/MD5 checksum: 63884 00ff7248bca7acf9b704baaf90d0689e
Size/MD5 checksum: 64708 92616d18849b68029919d313679b1c82
Size/MD5 checksum: 263854 263639282e6004454c5b33c71b9647d4
Size/MD5 checksum: 104616 a276680084df232510cc4bc617055a18
Size/MD5 checksum: 143942 57e4a79481797f0c32f60401ee1237de
Size/MD5 checksum: 63678 2eda7c4085a8f6877ce8061f907b2ad1
hppa architecture (HP PA RISC)
Size/MD5 checksum: 80276 d024aad3a3d2d790b0ab5f826af132eb
Size/MD5 checksum: 71646 00212830b9715ceda5eb01d1aaa57402
Size/MD5 checksum: 159494 fd9c8f622178e39834bcadfef091c736
Size/MD5 checksum: 71444 b93c7dae5ae9405b35cd2c41e7253c07
Size/MD5 checksum: 172492 207dc3d84027fc346d90d7810e588a64
Size/MD5 checksum: 294572 9be25532614ae62163e2b635061fe628
Size/MD5 checksum: 61040 25d4df1f36f401f985bf931f46b64781
Size/MD5 checksum: 70710 eb2a5d507bf152da6c36322fc70f449c
Size/MD5 checksum: 68282 f4e90c409355887a3c1fdae2471e386b
Size/MD5 checksum: 588948 4a74364ca6307b066927f26525ff0fdb
Size/MD5 checksum: 118338 f0a1c2c0dd52f0a4d26f3abd4d5309ad
i386 architecture (Intel ia32)
Size/MD5 checksum: 57462 5ebb116b052de64d4c7014c1ae14e267
Size/MD5 checksum: 259252 ae246a06589d3e2779627c6d3a39eb78
Size/MD5 checksum: 64212 e3f9fe64851978336fe8ef915ec7b826
Size/MD5 checksum: 67634 8ad13d8d15d19d1dba507e4db3026c54
Size/MD5 checksum: 145828 dd6dc6e38f07c36d8c0bbdac20f9eee5
Size/MD5 checksum: 575092 fa8a679ad9aa118404834e3c46a6acbf
Size/MD5 checksum: 75366 cc8dc458e34dda7c3de4f70279a3105c
Size/MD5 checksum: 64160 51d92ff406fde2abd21e6080be6bf3a3
Size/MD5 checksum: 105514 36ce7fca9761b6f4dd8b94fa5a67b396
Size/MD5 checksum: 146610 f1447794b61c530605a2da75829f62ba
Size/MD5 checksum: 65456 ecd58a3ccf79672c2ce00fe7a7b161c7
ia64 architecture (Intel ia64)
Size/MD5 checksum: 67580 ece86227d7eace47ab16237e915b3fec
Size/MD5 checksum: 91958 6536d489a5b387070c87fda3d6a928a3
Size/MD5 checksum: 68352 b8532fb79679952018fc9e46fb3ae9e9
Size/MD5 checksum: 341402 8424c2421afe1140c7c2a0ee472ad8a5
Size/MD5 checksum: 83024 4aacfaec8c8f15081db9655ef1050832
Size/MD5 checksum: 149060 90993f31514099790278be32aa5e6614
Size/MD5 checksum: 187396 2fcf8a48bfe03ec3aff87cd75f232ff3
Size/MD5 checksum: 243462 264bddaa5766aeb444d03b40eb4d7fa1
Size/MD5 checksum: 568004 e5fc8d3bdb48f173cf1586e6d55e5bf6
Size/MD5 checksum: 79706 8e11ab18902532dfd516fdeb35093312
Size/MD5 checksum: 82078 0a29e217ca95d171305ed53615b7aeb7
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 104880 5863587f4ebdfc8d2accb92c43975770
Size/MD5 checksum: 155770 46cc9b8f9907b607d2029b25a2d5176b
Size/MD5 checksum: 68930 52fbafb17a0b36cd4f4ced0257963d00
Size/MD5 checksum: 67240 0c00396d4af872fbd68435ce37f5b91f
Size/MD5 checksum: 57308 3655fa5d350a36a6e7ac7e15c487c67c
Size/MD5 checksum: 77244 901ab9aa01ee8f36ea0c4ae8b9b01384
Size/MD5 checksum: 68074 6228a649cc3c0af4278709d81a85691f
Size/MD5 checksum: 153862 390c96e802a795ac507d8b97d250b9bc
Size/MD5 checksum: 603738 bd9e9352b83c7151718a0b28e8f4d58b
Size/MD5 checksum: 287770 a810f916805a6c3622eecf55bac38d88
Size/MD5 checksum: 67072 b8d4429a81ee151f53417dbf4e2af658
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 593356 6610f0434f090ac4da1c9d31141ff5e8
Size/MD5 checksum: 67462 6139841e9d8c59b4da4ab38c7518a0ca
Size/MD5 checksum: 68504 69adbead8bd79767a9de0f4b0354306e
Size/MD5 checksum: 67572 b0dadb218ba13c6fcb2cd9771b392289
Size/MD5 checksum: 77924 1426b53e89f0771dd89e0916fa5315b8
Size/MD5 checksum: 108728 0a5e4d5a5fa93992198c14fa4a018e8d
Size/MD5 checksum: 68454 b4d4b2b12789d6c1b9b55547bd23289f
Size/MD5 checksum: 164172 1b1ceb3737ab04fb22bd4a4d20e5f4c0
Size/MD5 checksum: 57758 b1af996db05522ffe582fc776132fe9f
Size/MD5 checksum: 287940 fb18899c8acd1a3fb9cfb2950c2a0786
Size/MD5 checksum: 155390 923b0df689d8546f64d9e94668e1a8c0
powerpc architecture (PowerPC)
Size/MD5 checksum: 119716 64acba5b3c822aeea5d92acdbe13cdf5
Size/MD5 checksum: 70260 55506c65fcb75c975d634e72ca57b499
Size/MD5 checksum: 70536 e2dd4053970203b291fc0064e3fc7e4f
Size/MD5 checksum: 625910 b49078c416463d3e6fe9e1abaa857ad7
Size/MD5 checksum: 71772 e73ebc9e9f7b3f957b22dbbed7af487c
Size/MD5 checksum: 185506 6e31ca4fc06dd38ce754b84f608b0018
Size/MD5 checksum: 170426 564ade009cd10f03ec390d51a18b1bc6
Size/MD5 checksum: 71610 e5db62f80f8a909dec79e7926db1c43a
Size/MD5 checksum: 281752 5595cab6b86610d4f41f648584091c24
Size/MD5 checksum: 61528 a4d2292554728724b07549d4e4ba9abd
Size/MD5 checksum: 79702 cac4d2488861483529067e5bf3e57cfa
s390 architecture (IBM S/390)
Size/MD5 checksum: 66690 a52cee912cf1f46018d8ed8c54ccf9b6
Size/MD5 checksum: 604082 0f8f8838bc5d8487de8a8b23ecb17329
Size/MD5 checksum: 112752 890c4b70503ab1bb94fbc0d43d6c7328
Size/MD5 checksum: 68984 ab0d3fc56183cd0ff319cdac869b9251
Size/MD5 checksum: 77658 d7e99571c7bfa56fbf753b1f69a48935
Size/MD5 checksum: 67948 e6e7ab2c5fc90b575896e11acdb227b4
Size/MD5 checksum: 166632 a98fd5a59024bd1a2bdd1fb60e692d02
Size/MD5 checksum: 67832 31291b7faa6591eb93d8879389a00360
Size/MD5 checksum: 157992 66a99b49a60c0e82d0d92d112d381c2e
Size/MD5 checksum: 58868 a663ebf059cf987c9949878d0efc7dfc
Size/MD5 checksum: 273358 2b4557d2cf8f639984a44dfe6a889b2c
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 144494 08996d7a2ba0f2ff53abd41245b4f352
Size/MD5 checksum: 137850 394ff90e509d13b822d5ed0cddc2ea27
Size/MD5 checksum: 102142 4739d9c336e9f8173147eb222353ff7a
Size/MD5 checksum: 63600 39aa7cbabf1e395d297bc9636402f5a7
Size/MD5 checksum: 62582 88bd4a20e17255314a5dd788bbb02f86
Size/MD5 checksum: 261038 003e8ca005174a442e1271a04d6c885f
Size/MD5 checksum: 55826 1439ea1b2401eefd06cdd608a9559fa6
Size/MD5 checksum: 62976 6c75a70e425e2032975c46634c404591
Size/MD5 checksum: 65428 9b2b3189c39972e611bc180fd5aa6ba1
Size/MD5 checksum: 535118 407f26e926701d7a0008522aa5da27bb
Size/MD5 checksum: 74926 f2b2c0957166e2196404efbbf9413bfb
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
