Buffer overflow in digestmda5.c in Cyrus-SASL before 2.1.18-r1 allows remote attackers to execute arbitrary code. https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.167&r2=1.172 I'm not entirely sure of the real impact of this issue since I don't completely understand the usage of cyrus-sasl. This issue may also affect RHEL2.1.
Almost certainly a false alarm, per http://www.irbs.net/internet/cyrus-sasl/0408/0059.html
Nalin, I'm inclined to agree. Here is the CVS commit in question: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup After looking over our code, and that code, we're fine. If you agree, please close this as not a bug.
Thanks Josh, will do.