Red Hat Bugzilla – Bug 152811
Cyrus-SASL Buffer Overflow
Last modified: 2008-05-01 11:38:06 EDT
7) MODERATE: Cyrus-SASL Buffer Overflow
Cyrus-SASL version 2.1.18-r1 or prior
Description: Simple Authentication and Security Layer (SASL) provides a
general framework that can be used by protocols like IMAP or SMTP for
authentication purposes. The Cyrus-SASL library is a popular SASL
implementation which is used by widely deployed software such as
sendmail. The library contains a buffer overflow in processing MD5
digests that may be exploited to execute arbitrary code with the
privileges of the application using the Cyrus-SASL library. The
technical details regarding the overflow can be obtained by diffing the
digestmda5.c file between the patched and the unpatched versions.
Gentoo Linux Advisory
Software using Cyrus-SASL
Status: Vendor confirmed, upgrade to version 2.1.19. Gentoo and other
Linux distributions have also provided updated packages.
------- Additional Comments From firstname.lastname@example.org 2004-10-12 11:44:07 ----
It is somewhat confusing. All quoted references talk about CAN-2004-0884, and
https://bugzilla.fedora.us/show_bug.cgi?id=2137 is supposedly about that, while
CAN-2004-0884 is so far marked as **RESERVED** and hence inaccessible to me.
OTOH I do not see code in the patches to bug #2137 which would deal with
digestmda5.c, so this appears to be something new.
------- Additional Comments From email@example.com 2004-10-12 12:26:07 ----
In a response to my comment on
"The digestmda5.c issue was separate to CAN-2004-0884 and did not
affect any version of cyrus-sasl with Red Hat Enterprise Linux (or
I guess that, by extension, this applies to all sources we are interested in.
This is based only on mjc's word.
------- Additional Comments From firstname.lastname@example.org 2004-10-13 12:44:43 ----
Changelog to digestmda5.c is here:
AFAICT, the offending code was introduced in change 1.170 and fixed in 1.171, way
after the versions of cyrus-sasl we have.
I'm closing this.
------- Bug moved to this database by email@example.com 2005-03-30 18:28 -------
This bug previously known as bug 2153 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and Package request component.
Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.