CVE-2002-2043
Summary
| CVE | CVE-2002-2043 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-12-31 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| archives.neohapsis.com/archives/bugtraq/2002-04/0020.html | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | Patch |
| ISS X-Force Database: cyrus-sasl-patch-pop-access (8748): Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access | af854a3a-2127-422b-91ae-364da2661108 | www.iss.net | Patch |
| www.securityfocus.com/bid/4409 | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2006-08-30 | Mark J Cox | Not vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4. |
There are currently no legacy QID mappings associated with this CVE.