FreeBSD Ports: Cyrus-sasl Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.kb.cert.org/vuls/id/238019 http://www.vuxml.org/freebsd/14ab174c-40ef-11de-9fd5-001bd3385381.html

Insight

The following package is affected: cyrus-sasl CVE-2009-0688 Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

Severity

Classification

CVE CVE-2009-0688
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: cdf3
FreeBSD Ports: apache
FreeBSD Ports: chromium
FreeBSD Ports: caml-light
FreeBSD Ports: acroread

FreeBSD Ports: cyrus-sasl

Take action and discover your vulnerabilities