Cyrus SASL Remote Buffer Overflow Vulnerability

Summary
This host has the Cyrus SASL library installed and is prone to a remote buffer overflow vulnerability.
Impact
Successful exploits allow attackers to run arbitrary code or to crash an application that uses the library, denying service to legitimate users.
Impact Level: Application
Solution
Upgrade to version 2.1.23 or later. ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz
Insight
The flaw is due to an error in the 'sasl_encode64' function in lib/saslutil.c, which fails to perform adequate boundary checks on user-supplied data before copying it to allocated memory buffers.
Affected
Cyrus SASL versions prior to 2.1.23