SB2015111011 - NULL pointer dereference in cyrus-sasl (Alpine package)
Published: November 10, 2015
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2013-4122)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference. A remote attacker can cause a denial of service by supplying (1) an invalid salt or, when FIPS-140 is enabled, (2) a DES-encrypted or (3) an MD5-encrypted password, any of which triggers the dereference.
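The following added example (not code from cyrus-sasl or from the Alpine package) shows the defensive pattern for this class of bug: treating a NULL result from a password-hashing call as an authentication failure instead of passing it to strcmp(). It assumes the failing call is a crypt(3)-style function, which is documented to return NULL on error; `demo_crypt`, `check_password` and the `$x$` prefix are hypothetical names constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Signature of a crypt(3)-style hash function: returns NULL on error. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in for crypt(3), so the example builds without -lcrypt.
 * It returns NULL when the salt is not acceptable (here: anything that does
 * not start with the made-up prefix "$x$"), as a real crypt() may do for an
 * invalid salt or a disabled algorithm. */
static char *demo_crypt(const char *key, const char *salt)
{
    static char out[64];
    if (key == NULL || salt == NULL || strncmp(salt, "$x$", 3) != 0)
        return NULL;
    /* Toy transform only (prefix + key). Not a real password hash. */
    strcpy(out, "$x$");
    strncat(out, key, sizeof(out) - 4);
    return out;
}

/* Unsafe pattern, shown as a comment only: strcmp() dereferences NULL
 * when the hash call fails.
 *     return strcmp(stored, hash(password, stored)) == 0;
 */

/* Hardened check: any failure of the hash call means "not authenticated". */
static int check_password(crypt_fn hash, const char *password,
                          const char *stored)
{
    const char *computed;
    if (hash == NULL || password == NULL || stored == NULL)
        return 0;
    computed = hash(password, stored);
    if (computed == NULL)   /* invalid salt or algorithm not permitted */
        return 0;
    return strcmp(computed, stored) == 0;
}

int main(void)
{
    /* An invalid stored salt must be rejected cleanly, without a crash. */
    return check_password(demo_crypt, "secret", "!!invalid") == 0 ? 0 : 1;
}
```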
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0595a8cfd177012e492000c76033a8a089b51270
- https://git.alpinelinux.org/aports/commit/?id=320e9fe25de21594bb1ef20b31586ec775ab1758
- https://git.alpinelinux.org/aports/commit/?id=336ed678178032d07a97fee172237315410e8d3c
- https://git.alpinelinux.org/aports/commit/?id=ae0d0538a6d887aa919e257b5d2e386000418efa
- https://git.alpinelinux.org/aports/commit/?id=e20d740be6dacfa112b97d79489bcf960eb2c7f8
- https://git.alpinelinux.org/aports/commit/?id=fe02999dad25c9b283cd524a80402e41f8071abb
- https://git.alpinelinux.org/aports/commit/?id=47fee23ae141bd6f1b44eee5cde3f98c0ed99edd
- https://git.alpinelinux.org/aports/commit/?id=c133eb59eb48aa241a95fcc2ce2b14305dd3d7bb
- https://git.alpinelinux.org/aports/commit/?id=805f362fe3e08de88acf6d436963279828c0b64b
- https://git.alpinelinux.org/aports/commit/?id=1a3386650ef4c59672a6e2645aad6abd95c88b42
- https://git.alpinelinux.org/aports/commit/?id=643d80123fb90b0955992f600fd53f7825e0e967
- https://git.alpinelinux.org/aports/commit/?id=7c1c98ce69605a6b1c23593c5656bf930ab81cba
- https://git.alpinelinux.org/aports/commit/?id=8f8862179ae8ac3377a2336812be1f2c6d892e25