CVE-2002-2043
Summary
| CVE | CVE-2002-2043 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-12-31 05:00:00 UTC |
| Updated | 2008-09-05 20:32:00 UTC |
| Description | SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 20020402 SASL (v1/v2) MYSQL/LDAP authentication patch. | BUGTRAQ | archives.neohapsis.com | Patch |
| ISS X-Force Database: cyrus-sasl-patch-pop-access (8748): Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access | XF | www.iss.net | Patch |
| 4409 | BID | www.securityfocus.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2006-08-30 | Mark J Cox | Not vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4. |
There are currently no legacy QID mappings associated with this CVE.