Security update for Cyrus SASL authentication framework
A vulnerability in Cyrus SASL can be exploited for remote denial-of-service attacks on network applications; attackers may even be able to inject and execute arbitrary code. Cyrus SASL is an open source implementation of the Simple Authentication and Security Layer (SASL), a generic framework that offers secure authentication for protocols that don't include the feature themselves. For instance, Sendmail uses Cyrus SASL for SMTP authentication (SMTP AUTH).
The problem is caused by a flaw in the sasl_encode64 function in lib/saslutil.c that can trigger buffer overflows under certain conditions. From version 2.1.23 onwards, the framework apparently no longer contains the vulnerability. However, some applications no longer work with the updated version if the buffer they pass in doesn't include space for the closing NUL character.
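To make the buffer-sizing point concrete, here is an added example (not code from the Cyrus SASL library): a base64 encoder with the same calling convention as sasl_encode64() that, like the fixed library version, returns a buffer-overflow error unless the output buffer has room for the trailing NUL, together with the helper callers should use to size that buffer. The return-code names and values are assumed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Return codes modelled on the Cyrus SASL ones; the values are assumed
 * for this stand-alone example. */
#define SASL_OK       0
#define SASL_BUFOVER (-5)

/* Bytes a caller must reserve for out: 4 characters per 3 input bytes
 * (rounded up), plus one byte for the terminating NUL the encoder writes.
 * Sizing the buffer without the +1 is exactly what breaks with 2.1.23. */
static unsigned b64_outbuf_size(unsigned inlen)
{
    return ((inlen + 2) / 3) * 4 + 1;
}

/* Stand-in for sasl_encode64(in, inlen, out, outmax, outlen).
 * It checks that the NUL fits before writing anything, instead of
 * silently writing one byte past the end of an exactly-sized buffer. */
static int encode64(const char *in, unsigned inlen,
                    char *out, unsigned outmax, unsigned *outlen)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned olen = ((inlen + 2) / 3) * 4;      /* encoded length, no NUL */
    const unsigned char *p = (const unsigned char *)in;
    char *o = out;

    if (outmax <= olen)                         /* need olen + 1 bytes */
        return SASL_BUFOVER;

    while (inlen >= 3) {                        /* full 3-byte groups */
        *o++ = tbl[p[0] >> 2];
        *o++ = tbl[((p[0] & 0x03) << 4) | (p[1] >> 4)];
        *o++ = tbl[((p[1] & 0x0f) << 2) | (p[2] >> 6)];
        *o++ = tbl[p[2] & 0x3f];
        p += 3; inlen -= 3;
    }
    if (inlen) {                                /* 1 or 2 bytes left: pad */
        *o++ = tbl[p[0] >> 2];
        *o++ = tbl[((p[0] & 0x03) << 4) | (inlen == 2 ? p[1] >> 4 : 0)];
        *o++ = inlen == 2 ? tbl[(p[1] & 0x0f) << 2] : '=';
        *o++ = '=';
    }
    *o = '\0';                                  /* the byte that overflowed */
    if (outlen) *outlen = olen;
    return SASL_OK;
}
```

A caller that passes outmax equal to b64_outbuf_size(inlen) - 1, the pre-2.1.23 sizing, gets SASL_BUFOVER back; passing b64_outbuf_size(inlen) succeeds and leaves a NUL-terminated string in out.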
Several Linux distributions are already offering package updates to fix the issue.
See also:
- Cyrus SASL 2.1.23 Released, release announcement from Carnegie Mellon University.
- Cyrus SASL library buffer overflow vulnerability, an advisory from US-CERT.
(dab)
(crve)