admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2002/CVE-2002-13xx/CVE-2002-1347.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

128 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2002-1347",
"sourceIdentifier": "cve@mitre.org",
"published": "2002-12-18T05:00:00.000",
"lastModified": "2017-07-11T01:29:13.960",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la librer\u00eda Cyrus SASL 2.1.9 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante\r\n\r\nentradas largas durante la canonizaci\u00f3n de nombre de usuario\r\ncaract\u00e9res que necesitan ser escapados durante autenticaci\u00f3n LDAP usando saslauth, o\r\nun error por uno en el escritor del log, que no asigna espacio para el car\u00e1cter nulo que termina la cadena."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": true,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyrus:sasl:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.9",
"matchCriteriaId": "FB40749C-6BC9-47A3-88BB-90995581C4E0"
}
]
}
]
}
],
"references": [
{
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html",
"source": "cve@mitre.org"
},
{
"url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557",
"source": "cve@mitre.org"
},
{
"url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html",
"source": "cve@mitre.org"
},
{
"url": "http://marc.info/?l=bugtraq&m=103946297703402&w=2",
"source": "cve@mitre.org"
},
{
"url": "http://www.debian.org/security/2002/dsa-215",
"source": "cve@mitre.org"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2002-283.html",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/advisories/4826",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/6347",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/6348",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/6349",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10810",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10811",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10812",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink