| ID |
CVE-2002-2043
|
| Summary |
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.5 (as of 05-09-2008 - 20:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bid | 4409 | | bugtraq | 20020402 SASL (v1/v2) MYSQL/LDAP authentication patch. | | xf | cyrus-sasl-patch-pop-access(8748) |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2006-08-30 | | organization | Red Hat | | statement | Not vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
|
|
| Last major update |
05-09-2008 - 20:32 |
| Published |
31-12-2002 - 05:00 |
| Last modified |
05-09-2008 - 20:32 |
