Bug 150091
Summary: | digest-md5 causes program crash on poor input | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | John Haxby <jch> | ||||
Component: | cyrus-sasl | Assignee: | Steve Conklin <sconklin> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Brian Brock <bbrock> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 4.0 | CC: | mjc, redhat-bugzilla, security-response-team, sibel.karabulut, tis | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2007-07-10 21:14:38 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
John Haxby
2005-03-02 14:41:40 UTC
Using the same technique as described above, this is a good way of causing a segmentation violation in a sendmail process. This is restricted to the child process handling the connection. (In reply to comment #1) > Using the same technique as described above, this is a good way of causing a > segmentation violation in a sendmail process. This is restricted to the child > process handling the connection. I have a problem, this must be cyrus-sasl bug. I try to work postfix and cyrus-imap, cyrus-sasl. But when I wrote "cyradm --user cyrus --server localhost" from konsole, I get same error messages: IMAP Password: at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118 cyradm: cannot authenticate to server with as cyrus What am I do? I can add user with saslpasswd, but cyradm not add. Have you any proper document or test guide, can you send me by mail. Did you make test cyrus-sasl, cyrus-imap and postfix. I have read a lot of document from web site, and from web forum, but anything did not solve my problem. please tell me what must I do? This problem is know as CVE-2006-1721. Created attachment 149326 [details] Patch to fix CVE-2006-1721 vulnerability https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r2=1.175&r1=1.173&f=u |