CVE-2009-0688 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
certcc	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
carnegie_mellon_university	cyrus-sasl	𝑥 ≤ 2.1.22
carnegie_mellon_university	cyrus-sasl	1.4.1
carnegie_mellon_university	cyrus-sasl	1.5.0
carnegie_mellon_university	cyrus-sasl	1.5.2
carnegie_mellon_university	cyrus-sasl	1.5.3
carnegie_mellon_university	cyrus-sasl	1.5.5
carnegie_mellon_university	cyrus-sasl	1.5.10
carnegie_mellon_university	cyrus-sasl	1.5.11
carnegie_mellon_university	cyrus-sasl	1.5.13
carnegie_mellon_university	cyrus-sasl	1.5.15
carnegie_mellon_university	cyrus-sasl	1.5.16
carnegie_mellon_university	cyrus-sasl	1.5.20
carnegie_mellon_university	cyrus-sasl	1.5.21
carnegie_mellon_university	cyrus-sasl	1.5.22
carnegie_mellon_university	cyrus-sasl	1.5.23
carnegie_mellon_university	cyrus-sasl	1.5.24
carnegie_mellon_university	cyrus-sasl	1.5.26
carnegie_mellon_university	cyrus-sasl	1.5.27
carnegie_mellon_university	cyrus-sasl	1.5.28
carnegie_mellon_university	cyrus-sasl	2.0.0
carnegie_mellon_university	cyrus-sasl	2.0.1
carnegie_mellon_university	cyrus-sasl	2.0.2
carnegie_mellon_university	cyrus-sasl	2.0.3
carnegie_mellon_university	cyrus-sasl	2.0.4
carnegie_mellon_university	cyrus-sasl	2.0.5
carnegie_mellon_university	cyrus-sasl	2.1.0
carnegie_mellon_university	cyrus-sasl	2.1.1
carnegie_mellon_university	cyrus-sasl	2.1.2
carnegie_mellon_university	cyrus-sasl	2.1.3
carnegie_mellon_university	cyrus-sasl	2.1.5
carnegie_mellon_university	cyrus-sasl	2.1.6
carnegie_mellon_university	cyrus-sasl	2.1.7
carnegie_mellon_university	cyrus-sasl	2.1.8
carnegie_mellon_university	cyrus-sasl	2.1.9
carnegie_mellon_university	cyrus-sasl	2.1.10
carnegie_mellon_university	cyrus-sasl	2.1.11
carnegie_mellon_university	cyrus-sasl	2.1.12
carnegie_mellon_university	cyrus-sasl	2.1.13
carnegie_mellon_university	cyrus-sasl	2.1.14
carnegie_mellon_university	cyrus-sasl	2.1.15
carnegie_mellon_university	cyrus-sasl	2.1.16
carnegie_mellon_university	cyrus-sasl	2.1.17
carnegie_mellon_university	cyrus-sasl	2.1.18
carnegie_mellon_university	cyrus-sasl	2.1.19
carnegie_mellon_university	cyrus-sasl	2.1.20
carnegie_mellon_university	cyrus-sasl	2.1.21

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

cyrus-sasl2

bullseye	2.1.27+dfsg-2.1+deb11u1 fixed
bullseye (security)	2.1.27+dfsg-2.1+deb11u1 fixed
bookworm	2.1.28+dfsg-10 fixed
sid	2.1.28+dfsg1-8 fixed
trixie	2.1.28+dfsg1-8 fixed

Ubuntu Releases

Ubuntu Product

Codename

cyrus-sasl2

jaunty	Fixed 2.1.22.dfsg1-23ubuntu3.1 released
intrepid	Fixed 2.1.22.dfsg1-21ubuntu2.1 released
hardy	Fixed 2.1.22.dfsg1-18ubuntu2.1 released
dapper	Fixed 2.1.19.dfsg1-0.1ubuntu3.1 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

http://osvdb.org/54514

http://osvdb.org/54515

http://secunia.com/advisories/35094

http://secunia.com/advisories/35097

http://secunia.com/advisories/35102

http://secunia.com/advisories/35206

http://secunia.com/advisories/35239

http://secunia.com/advisories/35321

http://secunia.com/advisories/35416

http://secunia.com/advisories/35497

http://secunia.com/advisories/35746

http://secunia.com/advisories/39428

http://security.gentoo.org/glsa/glsa-200907-09.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834

http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1

http://support.apple.com/kb/HT4077

http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091

http://www.debian.org/security/2009/dsa-1807

http://www.kb.cert.org/vuls/id/238019

http://www.mandriva.com/security/advisories?name=MDVSA-2009:113

http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html

http://www.redhat.com/support/errata/RHSA-2009-1116.html

http://www.securityfocus.com/bid/34961

http://www.securitytracker.com/id?1022231

http://www.ubuntu.com/usn/usn-790-1

http://www.us-cert.gov/cas/techalerts/TA10-103B.html

http://www.vupen.com/english/advisories/2009/1313

http://www.vupen.com/english/advisories/2009/2012

https://exchange.xforce.ibmcloud.com/vulnerabilities/50554

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136

ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

http://osvdb.org/54514

http://osvdb.org/54515

http://secunia.com/advisories/35094

http://secunia.com/advisories/35097

http://secunia.com/advisories/35102

http://secunia.com/advisories/35206

http://secunia.com/advisories/35239

http://secunia.com/advisories/35321

http://secunia.com/advisories/35416

http://secunia.com/advisories/35497

http://secunia.com/advisories/35746

http://secunia.com/advisories/39428

http://security.gentoo.org/glsa/glsa-200907-09.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834

http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1

http://support.apple.com/kb/HT4077

http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091

http://www.debian.org/security/2009/dsa-1807

http://www.kb.cert.org/vuls/id/238019

http://www.mandriva.com/security/advisories?name=MDVSA-2009:113

http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html

http://www.redhat.com/support/errata/RHSA-2009-1116.html

http://www.securityfocus.com/bid/34961

http://www.securitytracker.com/id?1022231

http://www.ubuntu.com/usn/usn-790-1

http://www.us-cert.gov/cas/techalerts/TA10-103B.html

http://www.vupen.com/english/advisories/2009/1313

http://www.vupen.com/english/advisories/2009/2012

https://exchange.xforce.ibmcloud.com/vulnerabilities/50554

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136