Sun Alert 264248 Security Vulnerability in the Simple Authentication and Security Layer (SASL) Library Bundled with the Java Enterprise System (JES) may Allow Unprivileged Users to Crash Applications Using the sasl_encode64 Function

Product: Java Enterprise System

A buffer overflow security vulnerability in the Simple Authentication and Security Layer (SASL) library bundled with the Java Enterprise System (JES) may allow local or remote unprivileged users to crash applications which use the sasl_encode64 SASL library function.

None of the Sun Java Enterprise System (JES) products which use SASL are impacted by this issue however third-party applications that have a dynamic dependency on the SASL library bundled with JES may be affected.

This vulnerability is also described in the following documents:

CERT VU#238019 at:

CVE-2009-0688 at:

Sun Alert 259148 at:

State: Resolved
First released: 24-Jul-2009
Comments:

Post a Comment:
Comments are closed for this entry.
About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
11
12
13
14
16
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today