Bug 152811 - Cyrus-SASL Buffer Overflow
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://www.securityfocus.com/archive/...
Whiteboard: LEGACY
Depends On:
Blocks:
Reported: 2004-10-12 06:57 UTC by John Dalbec
Modified: 2008-05-01 15:38 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description David Lawrence 2005-03-30 23:28:17 UTC
7) MODERATE: Cyrus-SASL Buffer Overflow
Affected:
Cyrus-SASL version 2.1.18-r1 or prior

Description: Simple Authentication and Security Layer (SASL) provides a
general framework that can be used by protocols like IMAP or SMTP for
authentication purposes. Cyrus-SASL library is a popular SASL
implementation which is used by widely deployed software such as
sendmail. The library contains a buffer overflow in processing MD5
digests that may be exploited to execute arbitrary code with the
privileges of the application using the Cyrus-SASL library. The
technical details regarding the overflow can be obtained by diffing the
digestmd5.c file between the patched and the unpatched versions.

References:
Gentoo Linux Advisory
http://www.securityfocus.com/archive/1/377775/2004-10-04/2004-10-10/0  
Software using Cyrus-SASL
http://asg.web.cmu.edu/sasl/sasl-projects.html  
Cyrus-SASL Homepage
http://asg.web.cmu.edu/sasl/  
SecurityFocus BID
http://www.securityfocus.com/bid/11347 

Status: Vendor confirmed, upgrade to version 2.1.19. Gentoo and other
Linux distributions have also provided updated packages.



------- Additional Comments From michal 2004-10-12 11:44:07 ----

It is somewhat confusing.  All quoted references talk about CAN-2004-0884, and
https://bugzilla.fedora.us/show_bug.cgi?id=2137 is supposedly about that, while
CAN-2004-0884 is so far marked as **RESERVED**, hence inaccessible to me.
OTOH I do not see any code in the patches to bug #2137 which would deal with
digestmd5.c, so this appears to be something new.



------- Additional Comments From michal 2004-10-12 12:26:07 ----

In response to my comment on
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657
mjc wrote:
"The digestmd5.c issue was separate to CAN-2004-0884 and did not
affect any version of cyrus-sasl with Red Hat Enterprise Linux (or
Fedora Core)."

I guess that by extension this applies to all sources we are interested in.
This is based only on mjc's word.




------- Additional Comments From marcdeslauriers 2004-10-13 12:44:43 ----

Changelog to digestmd5.c is here:
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c

AFAICT, offending code was introduced in change 1.170 and fixed in 1.171, way
after the versions of cyrus-sasl we have.

I'm closing this.



------- Bug moved to this database by dkl 2005-03-30 18:28 -------

This bug previously known as bug 2153 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2153
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.



