Denial of service in Cyrus SASL



Published: 2019-12-23 | Updated: 2022-02-08
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-19906
CWE-ID CWE-787
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Cyrus SASL
Server applications / Mail servers

Vendor Carnegie Mellon University

Security Bulletin

This security bulletin contains information about 1 vulnerabilities.

Updated 08.02.2022

Added fixed version.

1) Out-of-bounds write

EUVDB-ID: #VU23796

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19906

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds write error when processing LDAP queries within the _sasl_add_string() function in common.c file in cyrus-sasl. A remote non-authenticated attacker can create a specially LDAP request to the affected server, trigger off-by-one error in OpenLDAP implementation and crash the service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cyrus SASL: 2.1.23 - 2.1.27


CPE2.3 External links

http://github.com/cyrusimap/cyrus-sasl/issues/587
http://lists.debian.org/debian-lts-announce/2019/12/msg00027.html
http://www.debian.org/security/2019/dsa-4591
http://www.openldap.org/its/index.cgi/Incoming?id=9123

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###