Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2002:018)

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Kari Hurtta discovered that a format bug exists in the Cyrus SASL
library, which is used to provide an authentication API for mail
clients and servers, as well as other services such as LDAP. The
format bug was found in one of the logging functions which could be
used by an attacker to obtain access to a machine or to possibly
acquire elevated privileges. Thanks to the SuSE security team for
providing the fix.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13926 (mandrake_MDKSA-2002-018.nasl)

Bugtraq ID: 3498

CVE ID: CVE-2001-0869

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now