Red Hat Bugzilla – Bug 190694
CVE-2006-1721 cyrus-sasl digest-md5 DoS
Last modified: 2007-04-18 13:42:21 EDT
+++ This bug was initially created as a clone of Bug #189814 +++ cyrus-sasl digest-md5 DoS A DoS during SASL authentication digest-md5 negotiation could crash an applications authenticating using the digest-md5 feature of cyrus-sasl. This issue was fixed upstream in 2.1.21. An advisory regarding this issue was published here: http://labs.musecurity.com/advisories/MU-200604-01.txt The note from upstream verifying the isue was fixed in 2.1.21 is here: http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775 This issue also affects RHEL3
This issue affects RHL9, FC1, FC2 and FC3; and may also affect RHL 7.3, though RHL 7.3 uses a much older version of cyrus-sasl. We will have to look into it.
Fedora Core 3 is now completely unmaintained. These bugs can't be fixed in that version. If the issue still persists in current Fedora Core, please reopen. Thank you, and sorry about this.