Gentoo Logo

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200604-09 / cyrus-sasl
Release Date April 21, 2006
Latest Revision April 21, 2006: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
dev-libs/cyrus-sasl < 2.1.21-r2 >= 2.1.21-r2 All supported architectures

Related bugreports: #129523

Synopsis

Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service.

2.  Impact Information

Background

Cyrus-SASL is an implementation of the Simple Authentication and Security Layer.

Description

Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service.

Impact

An attacker could possibly exploit this vulnerability by sending specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Cyrus-SASL users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/cyrus-sasl-2.1.21-r2"

4.  References

Print

Updated April 21, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Support OSL

Support OSL

Gentoo Centric Hosting: vr.org

VR Hosted

Tek Alchemy

Tek Alchemy

SevenL.net

SevenL.net

Global Netoptex Inc.

Global Netoptex Inc.

Bytemark

Bytemark

Linux World Expo

Linux World Expo
Copyright 2001-2008 Gentoo Foundation, Inc. Questions, Comments? Contact us.