CVE-2019-19906 HIGH

Published: 2019-12-19 | Last Modified: 2024-11-21 | Status: Modified

Description

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Additional Descriptions (1)

cyrus-sasl (también se conoce como Cyrus SASL) versión 2.1.27, presenta una escritura fuera de límites conllevando a una denegación de servicio remota no autenticada en OpenLDAP por medio de un paquete LDAP malformado. El bloqueo de OpenLDAP es causado en última instancia por un error por un paso en la función _sasl_add_string en el archivo common.c en cyrus-sasl.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-193 en CWE-787

Affected Products

Vendor	Product	Version	Update	Type
cyrusimap	cyrus-sasl	*	<built-in method update of dict object at 0x72a9ccf8ab80>	Application
debian	debian_linux	8.0	<built-in method update of dict object at 0x72a9b0c12480>	Operating System
debian	debian_linux	9.0	<built-in method update of dict object at 0x72a9ccf89b00>	Operating System
debian	debian_linux	10.0	<built-in method update of dict object at 0x72a9b0c10780>	Operating System
canonical	ubuntu_linux	12.04	<built-in method update of dict object at 0x72a9b0928380>	Operating System
canonical	ubuntu_linux	14.04	<built-in method update of dict object at 0x72a9b092a880>	Operating System
canonical	ubuntu_linux	16.04	<built-in method update of dict object at 0x72a9b0c13280>	Operating System
canonical	ubuntu_linux	18.04	<built-in method update of dict object at 0x72a9ccf89fc0>	Operating System
canonical	ubuntu_linux	19.10	<built-in method update of dict object at 0x72a9ccf8ae00>	Operating System
fedoraproject	fedora	31	<built-in method update of dict object at 0x72a9b092b240>	Operating System
fedoraproject	fedora	32	<built-in method update of dict object at 0x72a9cd07a8c0>	Operating System
redhat	jboss_enterprise_web_server	2.0.0	<built-in method update of dict object at 0x72a9cd079640>	Application
apple	mac_os_x	10.14.6	<built-in method update of dict object at 0x72a9ccf89340>	Operating System
redhat	enterprise_linux	5.0	<built-in method update of dict object at 0x72a9cc7d00c0>	Operating System
redhat	enterprise_linux	6.0	<built-in method update of dict object at 0x72a9b092be80>	Operating System
redhat	enterprise_linux	7.0	<built-in method update of dict object at 0x72a9b09295c0>	Operating System
redhat	enterprise_linux	8.0	<built-in method update of dict object at 0x72a9ccf8aec0>	Operating System
redhat	enterprise_linux_eus	8.4	<built-in method update of dict object at 0x72a9ccf8a940>	Operating System
redhat	enterprise_linux_for_ibm_z_systems	8.0	<built-in method update of dict object at 0x72a9ccf88280>	Operating System
redhat	enterprise_linux_for_ibm_z_systems_eus	8.4	<built-in method update of dict object at 0x72a9b0929e00>	Operating System
redhat	enterprise_linux_for_power_little_endian	8.0	<built-in method update of dict object at 0x72a9cd07a600>	Operating System
redhat	enterprise_linux_for_power_little_endian_eus	8.4	<built-in method update of dict object at 0x72a9b092b2c0>	Operating System
redhat	enterprise_linux_server_aus	8.4	<built-in method update of dict object at 0x72a9ccf8b880>	Operating System
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.4	<built-in method update of dict object at 0x72a9ccf8b000>	Operating System
redhat	enterprise_linux_server_tus	8.4	<built-in method update of dict object at 0x72a9cc7f5ac0>	Operating System
redhat	enterprise_linux_server_update_services_for_sap_solutions	8.4	<built-in method update of dict object at 0x72a9ccf8bac0>	Operating System
apple	ipados	13.6	<built-in method update of dict object at 0x72a9ccf89100>	Operating System
apple	iphone_os	13.6	<built-in method update of dict object at 0x72a9b0928500>	Operating System
apple	mac_os_x	*	<built-in method update of dict object at 0x72a9b0c12200>	Operating System
apple	mac_os_x	*	<built-in method update of dict object at 0x72a9b0dcc9c0>	Operating System
apple	mac_os_x	*	<built-in method update of dict object at 0x72a9b0dcecc0>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9ccf89a80>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9b0dcc700>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9b0dcc300>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9b0dcf440>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9b0dce4c0>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9b0dcdcc0>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9b0dcfd00>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9b0dced40>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9b0dcff80>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9b0aaca40>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9ccf88a80>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9ccf8a800>	Operating System
apple	mac_os_x	10.13.6	<built-in method update of dict object at 0x72a9ccf8aa40>	Operating System
apple	mac_os_x	10.14.6	<built-in method update of dict object at 0x72a9ccf8ac80>	Operating System
apple	mac_os_x	10.14.6	<built-in method update of dict object at 0x72a9ccf8a640>	Operating System
apple	mac_os_x	10.14.6	<built-in method update of dict object at 0x72a9ccf88940>	Operating System
apple	mac_os_x	10.14.6	<built-in method update of dict object at 0x72a9cc7d0440>	Operating System
apple	mac_os_x	10.14.6	<built-in method update of dict object at 0x72a9cc7d2580>	Operating System
apple	mac_os_x	10.14.6	<built-in method update of dict object at 0x72a9cc7d01c0>	Operating System
apple	mac_os_x	10.14.6	<built-in method update of dict object at 0x72a9cc47ab00>	Operating System
apple	mac_os_x	10.14.6	<built-in method update of dict object at 0x72a9cc479680>	Operating System
apple	mac_os_x	10.14.6	<built-in method update of dict object at 0x72a9cc478580>	Operating System
apache	bookkeeper	4.12.1	<built-in method update of dict object at 0x72a9cc47aa00>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:cyrusimap:cyrus-sasl::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:8.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:9.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:10.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:fedoraproject:fedora:31:::::::*`
Yes	`cpe:2.3:o:fedoraproject:fedora:32:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:::::::*`
Yes	`cpe:2.3:o:apple:mac_os_x:10.14.6:-::::::`
Yes	`cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:apple:ipados:13.6:::::::*`
Yes	`cpe:2.3:o:apple:iphone_os:13.6:::::::*`
Yes	`cpe:2.3:o:apple:mac_os_x::::::::`
Yes	`cpe:2.3:o:apple:mac_os_x::::::::`
Yes	`cpe:2.3:o:apple:mac_os_x::::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:-::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002::::::`
Yes	`cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:apache:bookkeeper:4.12.1:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:o:centos:centos:7.0:::::::*`

References

http://seclists.org/fulldisclosure/2020/Jul/23
Source: [email protected]

Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jul/24
Source: [email protected]

Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/23/4
Source: [email protected]

Mailing List Patch Release Notes Third Party Advisory
https://github.com/cyrusimap/cyrus-sasl/issues/587
Source: [email protected]

Patch Third Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Source: [email protected]
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Source: [email protected]
https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html
Source: [email protected]

Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R/
Source: [email protected]
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OB4GSVOJ6ESHQNT5GSV63OX5D4KPSTGT/
Source: [email protected]
https://seclists.org/bugtraq/2019/Dec/42
Source: [email protected]

Mailing List Third Party Advisory
https://support.apple.com/kb/HT211288
Source: [email protected]

Third Party Advisory
https://support.apple.com/kb/HT211289
Source: [email protected]

Third Party Advisory
https://usn.ubuntu.com/4256-1/
Source: [email protected]

Patch Third Party Advisory
https://www.debian.org/security/2019/dsa-4591
Source: [email protected]

Third Party Advisory
https://www.openldap.org/its/index.cgi/Incoming?id=9123
Source: [email protected]

Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jul/23
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jul/24
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/23/4
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch Release Notes Third Party Advisory
https://github.com/cyrusimap/cyrus-sasl/issues/587
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R/
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OB4GSVOJ6ESHQNT5GSV63OX5D4KPSTGT/
Source: af854a3a-2127-422b-91ae-364da2661108
https://seclists.org/bugtraq/2019/Dec/42
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://support.apple.com/kb/HT211288
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://support.apple.com/kb/HT211289
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://usn.ubuntu.com/4256-1/
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory
https://www.debian.org/security/2019/dsa-4591
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.openldap.org/its/index.cgi/Incoming?id=9123
Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Third Party Advisory