oss-sec mailing list archives

Re: CVE request: Cyrus-sasl NULL ptr. dereference

From: "mancha" <mancha1 () hush com>
Date: Fri, 12 Jul 2013 15:47:57 +0000

On Fri, 12 Jul 2013 15:35:22 +0000 "Solar Designer" wrote:

Does this really crash the entire daemon process rather than
just one of its children (where a new one would be spawned for
another request)?

I think this needs to be clarified, and the answer will affect 
whether
we have a security issue (CVE-worthy) or not.

Alexander


That is a good question. The short answer is there isn't a
re-spawn of crashed processes. The longer answer is cyrus-sasl's
saslauthd defaults to starting up 5 round-robin listening
threads (configurable via -n switch).

Under a default scenario, authentication would continue to be
available until the 5th NULL ptr. dereference.

--mancha

Current thread:

CVE request: Cyrus-sasl NULL ptr. dereference mancha (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)
  - Re: CVE request: Cyrus-sasl NULL ptr. dereference Sebastian Krahmer (Jul 15)
- <Possible follow-ups>
- Re: CVE request: Cyrus-sasl NULL ptr. dereference mancha (Jul 12)
  - Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)
  - Re: CVE request: Cyrus-sasl NULL ptr. dereference Kurt Seifried (Jul 12)