189815 – CVE-2006-1721 cyrus-sasl digest-md5 DoS

Bug 189815 - CVE-2006-1721 cyrus-sasl digest-md5 DoS

Summary: CVE-2006-1721 cyrus-sasl digest-md5 DoS

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	cyrus-sasl
Sub Component:
Version:	4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:	source=cve,reported=20060411,public=2...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-04-24 20:37 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:	cyrus-sasl-2.1.20-6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-07-25 23:41:36 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-04-24 20:37:30 UTC

cyrus-sasl digest-md5 DoS

A DoS during SASL authentication digest-md5 negotiation could crash an
applications authenticating using the digest-md5 feature of
cyrus-sasl.

This issue was fixed upstream in 2.1.21.

An advisory regarding this issue was published here:
http://labs.musecurity.com/advisories/MU-200604-01.txt

The note from upstream verifying the isue was fixed in 2.1.21 is here:
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775

Comment 1 Fedora Update System 2006-05-05 01:48:04 UTC

cyrus-sasl-2.1.20-6 has been pushed for fc4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 2 Matthew Miller 2006-07-25 23:41:36 UTC

This appears to have been fixed in an update earlier this year (see comment #1)
but never closed. Marking closed.

Note You need to log in before you can comment on or make changes to this bug.