~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2013-07-18
Candidate: CVE-2013-4122
PublicDate: 2013-10-26
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4122
 http://openwall.com/lists/oss-security/2013/07/12/3
 http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
 http://www.ubuntu.com/usn/usn-1988-1
 http://www.ubuntu.com/usn/usn-2755-1
Description:
 Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL
 value is returned upon an error by the crypt function as implemented in
 glibc 2.17 and later, which allows remote attackers to cause a denial of
 service (thread crash and consumption) via (1) an invalid salt or, when
 FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which
 triggers a NULL pointer dereference.
Ubuntu-Description:
Notes:
 sarnold> NULL return from crypt() if the salt isn't sane
 sarnold> Upgraded to medium, bug report shows remote attackers can disable
  the sasl service by repeating the attack; THREADS=0 configuration is a
  work-around that may help to prevent abuse.
 mdeslaur> eglibc only returns NULL from crypt() in 2.17+, so quantal
 mdeslaur> and older are not affected.
 mdeslaur> 2015-09-25: patch was dropped by mistake in debian's
 mdeslaur> 2.1.26 package, fixed again in 2.1.26.dfsg1-14
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716835
 https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1187001
Priority: medium
Discovered-by:
Assigned-to: mdeslaur

Patches_cyrus-sasl2:
 upstream: http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d (trunk)
 patch: http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus-sasl-2.1.23-glibc217-crypt.diff (2.1.23)
 patch: http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus-sasl-2.1.26-glibc217-crypt.diff (2.1.26)
upstream_cyrus-sasl2: released (2.1.26.dfsg1-14)
lucid_cyrus-sasl2: not-affected
precise_cyrus-sasl2: not-affected
quantal_cyrus-sasl2: not-affected
raring_cyrus-sasl2: released (2.1.25.dfsg1-6ubuntu0.1)
trusty_cyrus-sasl2: not-affected (2.1.25.dfsg1-17)
vivid_cyrus-sasl2: released (2.1.26.dfsg1-13ubuntu0.1)
devel_cyrus-sasl2: released (2.1.26.dfsg1-14)
vivid/stable-phone-overlay_cyrus-sasl2: released (2.1.26.dfsg1-13ubuntu0.1)
vivid/ubuntu-core_cyrus-sasl2: released (2.1.26.dfsg1-13ubuntu0.1)