ISS X-Force Database: cyrus-sasl-format-string(7443): Cyrus-SASL library internal logging function format string

Cyrus-SASL library internal logging function format string

cyrus-sasl-format-string (7443)

High Risk

Description:

Carnegie Mellon University's Cyrus-SASL library is vulnerable to a format string attack in the internal logging function. A remote attacker can pass a specially-crafted command to syslog, and inject format specifiers into a log message, to execute arbitrary commands on the system with privileges of the SASL server.

Consequences:

Gain Privileges

Remedy:

Upgrade to the latest version of Cyrus-SASL (1.5.27 or later), available from the Carnegie Mellon University FTP site. See References.

For Caldera OpenLinux Server and Workstation 3.1:
Upgrade to the latest version of libsasl (1.5.24-4 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-040.0. See References.

For SuSE Linux 7.0 (Intel):
Upgrade to the latest version of sasl (1.5.21-79 or later), as listed in SuSE Security Announcement SuSE-SA:2001:042. See References.

For SuSE Linux 7.1 and 7.3 (Intel):
Upgrade to the latest version of cyrus-sasl (1.5.24-157 or later), as listed in SuSE Security Announcement SuSE-SA:2001:042. See References.

For SuSE Linux 7.2 (Intel):
Upgrade to the latest version of cyrus-sasl (1.5.24-158 or later), as listed in SuSE Security Announcement SuSE-SA:2001:042. See References.

For SuSE Linux 7.0 (Sparc):
Upgrade to the latest version of sasl (1.5.21-30 or later), as listed in SuSE Security Announcement SuSE-SA:2001:042. See References.

For SuSE Linux 7.1 (Sparc):
Upgrade to the latest version of cyrus-sasl (1.5.24-70 or later), as listed in SuSE Security Announcement SuSE-SA:2001:042. See References.

For SuSE Linux 7.0 (AXP Alpha):
Upgrade to the latest version of sasl (1.5.21-82 or later), as listed in SuSE Security Announcement SuSE-SA:2001:042. See References.

For SuSE Linux 7.1 (AXP Alpha):
Upgrade to the latest version of cyrus-sasl (1.5.24-62 or later), as listed in SuSE Security Announcement SuSE-SA:2001:042. See References.

For SuSE Linux 7.0 (PPC Power PC):
Upgrade to the latest version of sasl (1.5.21-30 or later), as listed in SuSE Security Announcement SuSE-SA:2001:042. See References.

For SuSE Linux 7.1 and 7.3 (PPC Power PC):
Upgrade to the latest version of cyrus-sasl (1.5.24-92 or later), as listed in SuSE Security Announcement SuSE-SA:2001:042. See References.

For Mandrake Linux 8.0:
Upgrade to the latest version of cyrus-sasl (1.5.27-2.2mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:018 : cyrus-sasl. See References.

For Mandrake Linux 8.1:
Upgrade to the latest version of cyrus-sasl (1.5.27-2.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:018 : cyrus-sasl. See References.

For FreeBSD Ports Collection (prior to 2002-12-19):
Upgrade to the latest version of the cyrus-sasl port (1.5.24_ or later), as listed in FreeBSD Inc. Security Advisory FreeBSD-SA-02:15. See References.

For Conectiva Linux 6.0:
Upgrade to the latest version of sasl (1.5.24-15U60_1cl or later), as listed in Conectiva Linux Announcement CLSA-2001:444. See References.

For Conectiva Linux 7.0:
Upgrade to the latest version of sasl (1.5.24-15U70_1cl or later), as listed in Conectiva Linux Announcement CLSA-2001:444. See References.

For other distributions:
Contact vendor for patch or upgrade information.

References:

Andrew Bugzilla: Bugzilla Bug 326.
BugTraq Mailing List, Thu Nov 01 2001 - 00:55:07 CST: Formatting string bug on cyrus-sasl library.
Caldera International, Inc. Security Advisory CSSA-2001-040.0: Linux - Format String Problem in Cyrus-SASL.
Carnegie Mellon University FTP site: /pub/cyrus-mail/.
Conectiva Linux Announcement CLSA-2001:444: sasl format string vulnerability.
FreeBSD Security Advisory FreeBSD-SA-02:15: cyrus-sasl library contains format string vulnerability.
SuSE Security Announcement SuSE-SA:2001:042: cyrus-sasl.
BID-3498: Cyrus-SASL Syslog Format String Vulnerability
CVE-2001-0869: Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
MDKSA-2002:018: Updated cyrus-sasl packages fix format string vulnerability
RHSA-2001-150: Updated Cyrus SASL packages available
RHSA-2001-151: Updated Cyrus SASL packages available

Platforms Affected:

Carnegie Mellon University Cyrus-SASL 1.5.26
Conectiva Linux 6.0
Conectiva Linux 7.0
FreeBSD FreeBSD Ports Collection
MandrakeSoft Mandrake Linux 8.0
MandrakeSoft Mandrake Linux 8.1
RedHat Linux 7
RedHat Linux 7.1
RedHat Linux 7.2
RedHat Linux 7.3
RedHat Linux Powertools 6.2
SCO Caldera OpenLinux Server 3.1
SCO Caldera OpenLinux Workstation 3.1
SUSE SuSE Linux 7.0
SUSE SuSE Linux 7.1
SUSE SuSE Linux 7.2
SUSE SuSE Linux 7.3

Reported:

Nov 01, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page