
Test ID: 1.3.6.1.4.1.25623.1.0.64217
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2009:1116
Description:
Summary:
The remote host is missing updates announced in
advisory RHSA-2009:1116.

The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and SIEVE support.

It was discovered that the Cyrus SASL library (cyrus-sasl) does not always
reliably terminate output from the sasl_encode64() function used by
programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on
this function's output being properly terminated. Under certain conditions,
improperly terminated output from sasl_encode64() could, potentially, cause
cyrus-imapd to crash, disclose portions of its memory, or lead to SASL
authentication failures. (CVE-2009-0688)

Users of cyrus-imapd are advised to upgrade to these updated packages,
which resolve this issue. After installing the update, cyrus-imapd will be
restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-0688
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 34961
http://www.securityfocus.com/bid/34961
Cert/CC Advisory: TA10-103B
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
CERT/CC vulnerability note: VU#238019
http://www.kb.cert.org/vuls/id/238019
Debian Security Information: DSA-1807
http://www.debian.org/security/2009/dsa-1807
http://security.gentoo.org/glsa/glsa-200907-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:113
http://osvdb.org/54514
http://osvdb.org/54515
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136
http://www.redhat.com/support/errata/RHSA-2009-1116.html
http://www.securitytracker.com/id?1022231
http://secunia.com/advisories/35094
http://secunia.com/advisories/35097
http://secunia.com/advisories/35102
http://secunia.com/advisories/35206
http://secunia.com/advisories/35239
http://secunia.com/advisories/35321
http://secunia.com/advisories/35416
http://secunia.com/advisories/35497
http://secunia.com/advisories/35746
http://secunia.com/advisories/39428
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1
SuSE Security Announcement: SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://www.ubuntu.com/usn/usn-790-1
http://www.vupen.com/english/advisories/2009/1313
http://www.vupen.com/english/advisories/2009/2012
XForce ISS Database: solaris-sasl-saslencode64-bo(50554)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50554
Copyright: Copyright (C) 2009 E-Soft Inc.
