CVE-2002-2043

Published: Dec 31, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.

Affected (2)

Products: Cyrus: Sasl

Cyrus

1 product

Sasl

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cyrus Sasl	Version 1.5.24
Cyrus Sasl	Version 1.5.27

References (6)

http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html

Source: cve@mitre.org

Patch

http://www.iss.net/security_center/static/8748.php

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/4409

Source: cve@mitre.org

Patch

http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.iss.net/security_center/static/8748.php

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/4409

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.