oss-sec mailing list archives
Re: CVE request: Cyrus-sasl NULL ptr. dereference
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 13 Jul 2013 00:07:48 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/12/2013 09:47 AM, mancha wrote:
On Fri, 12 Jul 2013 15:35:22 +0000 "Solar Designer" wrote:Does this really crash the entire daemon process rather than just one of its children (where a new one would be spawned for another request)? I think this needs to be clarified, and the answer will affect whether we have a security issue (CVE-worthy) or not. AlexanderThat is a good question. The short answer is there isn't a re-spawn of crashed processes. The longer answer is cyrus-sasl's saslauthd defaults to starting up 5 round-robin listening threads (configurable via -n switch). Under a default scenario, authentication would continue to be available until the 5th NULL ptr. dereference. --mancha
Please use CVE-2013-4122 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJR4O60AAoJEBYNRVNeJnmTwZoQAKoEBUomTUuBgTRp4cCrxhm4 ksvJj51XX7jQ47UZonjjAEsTJpOX4fUROjWozCajBJEeHaUJJTN4+kPr7P3RSSIi n3xc461ShNIZix4nOkM9hwy7wYjVi+bWDWHmQuIqslvDb/0EEKvmNihm4UzNzQXu hPkJm4ruG0FlbyBrYRhbQUi67+BDefUCHujNEcratKFF26pD8VSUBNiRSsB8aO5H ZRvI31YdvTby4Tj6xoiPvJsl26VQ6Zz3W64ttaEu0M+J/lWkhu8a4WnFtUPkmtRt bxrYEEg2rULDicB+EFClBK9yMeCKvj9SsWcqCoC+RR84S0j9GbhpvEfS6caP0IXu NH89aGWnpte2yJzhG0/oguebTkXdnHCn6DFy5ExYEZzPMUHrthl89fGVcmDvAXHI azYdfgyqP2dfNHSPeL16XejFwx7YnTKIKAn4KN3WYTTuLPcUOXReaAp1Xmzn8yP5 u2X1luMhpoqGNHknRTd/+eiHioOlH/8HduO1OuXQoenZWbKoIxh9tq8gCQZraXz/ 6F26UDQ3QZdKr4FITPB2Wx+YV3Q0gq2N7JTJIVHI4qIbWWKHTzw/mwSa4zPMNBMi /f4EXSwg/SvRgLAA9yuMdUYpSitmvcRt0hjlLziSUsTHfbIAd6hnYiEpb5BJbo22 EpaAXVTngIOWvrdmclDw =EBY6 -----END PGP SIGNATURE-----
Current thread:
- CVE request: Cyrus-sasl NULL ptr. dereference mancha (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Sebastian Krahmer (Jul 15)
- <Possible follow-ups>
- Re: CVE request: Cyrus-sasl NULL ptr. dereference mancha (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Kurt Seifried (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)