{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "cyrus-sasl-logwriter-bo(10812)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10812"}, {"name": "SuSE-SA:2002:048", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html"}, {"name": "000557", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557"}, {"name": "6349", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6349"}, {"name": "20021209 Cyrus SASL library buffer overflows", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=103946297703402&w=2"}, {"name": "DSA-215", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2002/dsa-215"}, {"name": "cyrus-sasl-saslauthd-bo(10811)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10811"}, {"name": "6348", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6348"}, {"name": "APPLE-SA-2005-03-21", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"}, {"name": "6347", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6347"}, {"name": "200212-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.securityfocus.com/advisories/4826"}, {"name": "cyrus-sasl-username-bo(10810)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10810"}, {"name": "RHSA-2002:283", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-283.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1347", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cyrus-sasl-logwriter-bo(10812)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10812"}, {"name": "SuSE-SA:2002:048", "refsource": "SUSE", "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html"}, {"name": "000557", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557"}, {"name": "6349", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6349"}, {"name": "20021209 Cyrus SASL library buffer overflows", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=103946297703402&w=2"}, {"name": "DSA-215", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-215"}, {"name": "cyrus-sasl-saslauthd-bo(10811)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10811"}, {"name": "6348", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6348"}, {"name": "APPLE-SA-2005-03-21", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"}, {"name": "6347", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6347"}, {"name": "200212-10", "refsource": "GENTOO", "url": "http://www.securityfocus.com/advisories/4826"}, {"name": "cyrus-sasl-username-bo(10810)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10810"}, {"name": "RHSA-2002:283", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-283.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:19:28.611Z"}, "title": "CVE Program Container", "references": [{"name": "cyrus-sasl-logwriter-bo(10812)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10812"}, {"name": "SuSE-SA:2002:048", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html"}, {"name": "000557", "tags": ["vendor-advisory", "x_refsource_CONECTIVA", "x_transferred"], "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557"}, {"name": "6349", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/6349"}, {"name": "20021209 Cyrus SASL library buffer overflows", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=103946297703402&w=2"}, {"name": "DSA-215", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2002/dsa-215"}, {"name": "cyrus-sasl-saslauthd-bo(10811)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10811"}, {"name": "6348", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/6348"}, {"name": "APPLE-SA-2005-03-21", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"}, {"name": "6347", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/6347"}, {"name": "200212-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.securityfocus.com/advisories/4826"}, {"name": "cyrus-sasl-username-bo(10810)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10810"}, {"name": "RHSA-2002:283", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2002-283.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1347", "datePublished": "2002-12-11T05:00:00", "dateReserved": "2002-12-10T00:00:00", "dateUpdated": "2024-08-08T03:19:28.611Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cyrusimap:cyrus_sasl:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A309C1F-0137-4CCF-B438-1CE6719A547A", "versionEndIncluding": "2.1.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "9290FC8C-8362-4595-A859-044D5FE848D0", "versionEndExcluding": "10.3.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB201A37-9EA9-46B4-A799-4DCC5326E88D", "versionEndExcluding": "10.3.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la librer\u00eda Cyrus SASL 2.1.9 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante\r\n\r\nentradas largas durante la canonizaci\u00f3n de nombre de usuario\r\ncaract\u00e9res que necesitan ser escapados durante autenticaci\u00f3n LDAP usando saslauth, o\r\nun error por uno en el escritor del log, que no asigna espacio para el car\u00e1cter nulo que termina la cadena."}], "id": "CVE-2002-1347", "lastModified": "2024-02-02T03:05:42.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2002-12-18T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "http://marc.info/?l=bugtraq&m=103946297703402&w=2"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.debian.org/security/2002/dsa-215"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2002-283.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/advisories/4826"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/6347"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/6348"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/6349"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10810"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10811"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10812"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2002:283", "cpe": "cpe:/o:redhat:linux:8.0", "product_name": "Red Hat Linux 8.0", "release_date": "2003-01-07T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1616880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616880"}, "csaw": false, "details": ["Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string."], "name": "CVE-2002-1347", "public_date": "2002-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2002-1347\nhttps://nvd.nist.gov/vuln/detail/CVE-2002-1347"]}