VULHUB ™

The Cyrus SASL LDAP+MySQL patch is a freely available, open source enhancement patch. It is designed for use on the Unix and Linux operating systems. Due to a design problem in the patch, users may gain access to the mail accounts of others. By passing a specially crafted SQL command to the password challenge, it is possible to provoke a successful authentication response from the MySQL server. This would give access to the mail of the user specified in the login challenge.

The Cyrus SASL LDAP+MySQL patch is a freely available, open source enhancement patch. It is designed for use on the Unix and Linux operating systems. Due to a design problem in the patch, users may gain access to the mail accounts of others. By passing a specially crafted SQL command to the password challenge, it is possible to provoke a successful authentication response from the MySQL server. This would give access to the mail of the user specified in the login challenge.