Bug 152811 - Cyrus-SASL Buffer Overflow
Cyrus-SASL Buffer Overflow
Product: Fedora Legacy
Classification: Retired
Component: Package request (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
Depends On:
  Show dependency treegraph
Reported: 2004-10-12 02:57 EDT by John Dalbec
Modified: 2008-05-01 11:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:28:17 EST
7) MODERATE: Cyrus-SASL Buffer Overflow
Cyrus-SASL version 2.1.18-r1 or prior

Description: Simple Authentication and Security Layer (SASL) provides a
general framework that can be used by protocols like IMAP or SMTP for
authentication purposes. Cyrus-SASL library is a popular SASL
implementation which is used by widely deployed software such as
sendmail. The library contains a buffer overflow in processing MD5
digests that may be exploited to execute arbitrary code with the
privileges of the application using the Cyrus-SASL library. The
technical details regarding the overflow can be obtained by diffing the
digestmda5.c file between the patched and the unpatched versions.

Gentoo Linux Advisory
Software using Cyrus-SASL
Cyrus-SASL Homepage
SecurityFocus BID

Status: Vendor confirmed, upgrade to version 2.1.19. Gentoo and other
Linux distributions have also provided updated packages.

------- Additional Comments From michal@harddata.com 2004-10-12 11:44:07 ----

It is somewhat confusing.  All quoted references talk about CAN-2004-0884, and
https://bugzilla.fedora.us/show_bug.cgi?id=2137 is supposedly about that while
CAN-2004-0884 is so far marked as **RESERVED** hence to me inaccesible.
OTOH I do not see a code in patches to bug #2137 which would deal with
digestmda5.c so this appears to be something new.

------- Additional Comments From michal@harddata.com 2004-10-12 12:26:07 ----

In a response to my comment on
mjc@redhat.com wrote
"The digestmda5.c issue was separate to CAN-2004-0884 and did not
affect any version of cyrus-sasl with Red Hat Enterprise Linux (or
Fedora Core)."

I guess that by an extension this applies to all sources we are interested in.
This is based only on an mjc word.

------- Additional Comments From marcdeslauriers@videotron.ca 2004-10-13 12:44:43 ----

Changelog to digestmda5.c is here:

AFAICT, offending code was introduced in change 1.170 and fixed in 1.171, way
after the versions of cyrus-sasl we have.

I'm closing this.

------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:28 -------

This bug previously known as bug 2153 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Note You need to log in before you can comment on or make changes to this bug.