Re: CVE request: Cyrus-sasl NULL ptr. dereference

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/12/2013 09:47 AM, mancha wrote:
> On Fri, 12 Jul 2013 15:35:22 +0000 "Solar Designer" wrote:
> > Does this really crash the entire daemon process rather than just
> > one of its children (where a new one would be spawned for another
> > request)?
> >
> > I think this needs to be clarified, and the answer will affect 
> > whether we have a security issue (CVE-worthy) or not.
> >
> > Alexander
>
> That is a good question. The short answer is there isn't a re-spawn
> of crashed processes. The longer answer is cyrus-sasl's saslauthd
> defaults to starting up 5 round-robin listening threads
> (configurable via -n switch).
>
> Under a default scenario, authentication would continue to be 
> available until the 5th NULL ptr. dereference.
>
> --mancha

Please use CVE-2013-4122 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR4O60AAoJEBYNRVNeJnmTwZoQAKoEBUomTUuBgTRp4cCrxhm4
ksvJj51XX7jQ47UZonjjAEsTJpOX4fUROjWozCajBJEeHaUJJTN4+kPr7P3RSSIi
n3xc461ShNIZix4nOkM9hwy7wYjVi+bWDWHmQuIqslvDb/0EEKvmNihm4UzNzQXu
hPkJm4ruG0FlbyBrYRhbQUi67+BDefUCHujNEcratKFF26pD8VSUBNiRSsB8aO5H
ZRvI31YdvTby4Tj6xoiPvJsl26VQ6Zz3W64ttaEu0M+J/lWkhu8a4WnFtUPkmtRt
bxrYEEg2rULDicB+EFClBK9yMeCKvj9SsWcqCoC+RR84S0j9GbhpvEfS6caP0IXu
NH89aGWnpte2yJzhG0/oguebTkXdnHCn6DFy5ExYEZzPMUHrthl89fGVcmDvAXHI
azYdfgyqP2dfNHSPeL16XejFwx7YnTKIKAn4KN3WYTTuLPcUOXReaAp1Xmzn8yP5
u2X1luMhpoqGNHknRTd/+eiHioOlH/8HduO1OuXQoenZWbKoIxh9tq8gCQZraXz/
6F26UDQ3QZdKr4FITPB2Wx+YV3Q0gq2N7JTJIVHI4qIbWWKHTzw/mwSa4zPMNBMi
/f4EXSwg/SvRgLAA9yuMdUYpSitmvcRt0hjlLziSUsTHfbIAd6hnYiEpb5BJbo22
EpaAXVTngIOWvrdmclDw
=EBY6
-----END PGP SIGNATURE-----