New Search

Security Vulnerability in the Simple Authentication and Security Layer (SASL) Library Bundled with the Java Enterprise System (JES) may Allow Unprivileged Users to Crash Applications Using the sasl_encode64 Function

oval:org.mitre.oval:def:6136

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 9
  • Sun Solaris 8
  • Sun Solaris 10
Class:
vulnerability
Reference(s):
  • CVE-2009-0688
Product(s):