Cyrus-SASL Syslog Format String Vulnerability
Cyrus-SASL is an open-source implementation of SASL, the "Simple Authentication and Security Layer". Cyrus SASL contains a format string vulnerability in its internal logging function. Data that may be externally supplied is passed to syslog() as the format string argument. This may allow remote attackers who can inject format specifiers into a log message to execute arbitrary code.
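
The bug class described above, shown as an added example that is not Cyrus SASL source code: the vulnerable call shape (compiled only when `SHOW_VULNERABLE` is defined) next to the hardened one, where externally supplied text is only ever an argument to a literal `"%s"` format. The function names, the `auth failure:` prefix and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern: untrusted text is used as the format string, so any
 * conversion specifiers it contains are interpreted by syslog(). */
static void log_event_vulnerable(int priority, const char *untrusted)
{
    syslog(priority, untrusted);
}
#endif

/* Compose the line with a constant format; untrusted text is only ever
 * data for "%s". Returns bytes stored (truncating if needed), -1 on bad args. */
int build_log_line(char *out, size_t outlen, const char *untrusted)
{
    if (out == NULL || outlen == 0 || untrusted == NULL)
        return -1;
    int n = snprintf(out, outlen, "auth failure: %s", untrusted);
    if (n < 0)
        return -1;
    return (size_t)n >= outlen ? (int)(outlen - 1) : n;
}

/* Hardened pattern: the format string handed to syslog() is a literal. */
int log_event_fixed(int priority, const char *untrusted)
{
    char line[512];
    int len = build_log_line(line, sizeof line, untrusted);
    if (len < 0)
        return -1;
    syslog(priority, "%s", line);
    return len;
}

int main(void)
{
    /* Constructed sample input carrying format specifiers. */
    const char *sample = "user=%x%x%n";
    openlog("fmt-demo", LOG_PID, LOG_AUTH);
    int len = log_event_fixed(LOG_ERR, sample);
    closelog();
    printf("logged %d bytes, specifiers kept literal\n", len);
    return 0;
}
```

Building with `-DSHOW_VULNERABLE -Wformat -Wformat-security` under GCC or Clang makes the compiler warn about the non-literal format argument in the first function, which is a practical way to find this pattern during code review.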