CVE-2013-4122

NONE EPSS 88.0%
Published Oct 27, 2013 12y ago
Last Modified Jun 16, 2026 2w ago

Description

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.
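
The unchecked pattern the description refers to, next to a checked form, as an added example; this is not Cyrus SASL's code or the upstream patch. The names `model_crypt`, `check_unchecked` and `check_password` are hypothetical, and `model_crypt` is a constructed stand-in for crypt(3) that returns NULL on an invalid salt so the example runs without libcrypt.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3), so the real function can be passed in. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in: returns NULL with EINVAL when the two salt
 * characters are outside [a-zA-Z0-9./], as the description says crypt
 * does in glibc 2.17 and later. Not a real hash: output is salt + key. */
char *model_crypt(const char *key, const char *salt)
{
    static char out[128];
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    if (salt[0] == '\0' || salt[1] == '\0' ||
        !strchr(ok, salt[0]) || !strchr(ok, salt[1])) {
        errno = EINVAL;
        return NULL;
    }
    snprintf(out, sizeof out, "%c%c%s", salt[0], salt[1], key);
    return out;
}

/* Unchecked form: the hashing result goes straight into strcmp(), so a
 * NULL return is dereferenced. Kept only for contrast with the fix. */
int check_unchecked(crypt_fn fn, const char *pw, const char *stored)
{
    return strcmp(fn(pw, stored), stored) == 0;
}

/* Checked form: a NULL return (invalid salt, or an algorithm the library
 * refuses, e.g. DES/MD5 under FIPS-140) is an authentication failure. */
int check_password(crypt_fn fn, const char *pw, const char *stored)
{
    char *h;
    if (pw == NULL || stored == NULL)
        return 0;
    h = fn(pw, stored);
    if (h == NULL)
        return 0;
    return strcmp(h, stored) == 0;
}

int main(void)
{
    printf("valid salt:   %d\n", check_password(model_crypt, "secret", "absecret"));
    printf("invalid salt: %d\n", check_password(model_crypt, "secret", "!!secret"));
    return 0;
}
```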

Threat Intelligence

EPSS Exploit Probability
88.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-189

Affected Products 33

Vendor  Product     Version  Range
cmu     cyrus-sasl  *        ≤2.1.26
cmu     cyrus-sasl  1.5.28   any
cmu     cyrus-sasl  2.1.19   any
cmu     cyrus-sasl  2.1.20   any
cmu     cyrus-sasl  2.1.21   any
cmu     cyrus-sasl  2.1.22   any
cmu     cyrus-sasl  2.1.23   any
cmu     cyrus-sasl  2.1.24   any
cmu     cyrus-sasl  2.1.25   any
gnu     glibc       2.2      any
gnu     glibc       2.2.1    any
gnu     glibc       2.2.2    any
gnu     glibc       2.2.3    any
gnu     glibc       2.2.4    any
gnu     glibc       2.2.5    any
gnu     glibc       2.3      any
gnu     glibc       2.3.1    any
gnu     glibc       2.3.2    any
gnu     glibc       2.3.3    any
gnu     glibc       2.3.4    any
gnu     glibc       2.3.5    any
gnu     glibc       2.3.6    any
gnu     glibc       2.3.10   any
gnu     glibc       2.4      any
gnu     glibc       2.5      any
gnu     glibc       2.5.1    any
gnu     glibc       2.6      any
gnu     glibc       2.6.1    any
gnu     glibc       2.7      any
gnu     glibc       2.8      any
gnu     glibc       2.9      any
gnu     glibc       2.17     any
gnu     glibc       2.18     any

References 9

  • git.cyrusimap.org http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
    Exploit, Patch
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-201309-01.xml
  • debian.org http://www.debian.org/security/2015/dsa-3368
  • openwall.com http://www.openwall.com/lists/oss-security/2013/07/12/3
  • openwall.com http://www.openwall.com/lists/oss-security/2013/07/12/6
  • openwall.com http://www.openwall.com/lists/oss-security/2013/07/13/1
  • openwall.com http://www.openwall.com/lists/oss-security/2013/07/15/1
  • ubuntu.com http://www.ubuntu.com/usn/USN-2755-1
  • linuxquestions.org https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/

Remediation

  • git.cyrusimap.org http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
    Exploit, Patch