CVE-2002-1347: Buffer Overflow
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
Remediation
Patch Available
Frequently Asked Questions
What is the severity of CVE-2002-1347?
CVE-2002-1347 is considered to have a medium severity due to its potential for causing denial of service and possible execution of arbitrary code.
How do I fix CVE-2002-1347?
To fix CVE-2002-1347, upgrade to a version of the Cyrus SASL library that is later than 2.1.9.
What software is affected by CVE-2002-1347?
CVE-2002-1347 affects the Cyrus SASL library versions 2.1.9 and earlier, including various implementations on macOS and Apple servers.
What kind of attacks can exploit CVE-2002-1347?
CVE-2002-1347 can be exploited through buffer overflow attacks that manipulate input during user name canonicalization and LDAP authentication.
Is CVE-2002-1347 still a relevant vulnerability?
Although CVE-2002-1347 was disclosed in 2002, outdated systems that still use affected versions may be vulnerable.