| Name | CVE-2013-4122 |
| Description | Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-3368-1 |
| Debian Bugs | 716835, 784112 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| cyrus-sasl2 (PTS) | bullseye (security), bullseye | 2.1.27+dfsg-2.1+deb11u1 | fixed |
| bookworm | 2.1.28+dfsg-10 | fixed | |
| trixie | 2.1.28+dfsg1-9 | fixed | |
| forky, sid | 2.1.28+dfsg1-10 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| cyrus-sasl2 | source | squeeze | (not affected) | |||
| cyrus-sasl2 | source | wheezy | (not affected) | |||
| cyrus-sasl2 | source | jessie | 2.1.26.dfsg1-13+deb8u1 | DSA-3368-1 | ||
| cyrus-sasl2 | source | (unstable) | 2.1.26.dfsg1-14 | 716835, 784112 |
[wheezy] - cyrus-sasl2 <not-affected> (Only exploitable with eglibc 2.17 and later)
[squeeze] - cyrus-sasl2 <not-affected> (Only exploitable with eglibc 2.17 and later)
http://openwall.com/lists/oss-security/2013/07/12/3
http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3803
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3806
Was originally already fixed in 2.1.25.dfsg1-14 (cf. #716835)