Starting with glibc v2.17, the crypt() routine fails with EINVAL return code (returning NULL) if the salt violates specification. Additionally, on FIPS-140 enabled Linux systems, DES / MD5 algorithms encrypted passwords passed to crypt fail with EPERM return code (returning NULL). Based on the above a denial of service flaw was found in the way Cyrus SASL, the Cyrus implementation of SASL, used to behave under aforementioned conditions / environments. A remote attacker could issue a specially-crafted authentication request to cause denial of the Cyrus SASL's daemon services. References: [1] http://www.openwall.com/lists/oss-security/2013/07/12/3 Upstream patch: [2] http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d [3] http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus-sasl-2.1.23-glibc217-crypt.diff [4] http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus-sasl-2.1.26-glibc217-crypt.diff
This issue affects the versions of the cyrus-sasl package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue did NOT affect the versions of the cyrus-sasl package, as shipped with Fedora release of 17, 18, and 19.
This flaw in cyrus-sasl is triggered when crypt() returns NULL. Two changes in implementation of crypt() could result in NULL return value with errno being set. 1. Usage of invalid salt-values: This change was introduced via the following commit: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ba74a357376c8f8bf49487f96ae71cf2460c3f3 There is a basic check for a sane salt value and if found incorrect, crypt returns NULL. This change was not backported into the versions of glibc used in Red Hat Enterprise Linux 5 and 6. 2. Reject requests to encrypt password using the MD5/DES algorithm when FIPS-140 mode is enabled: This change was introduced via the following commit: http://sourceware.org/git/?p=glibc.git;a=commit;h=e745142509a427ccb9b14ee94ff24f7f36f7f4b6 The versions of glibc in Red Hat Enterprise Linux is built against NSS crypto, which is FIPS compliant. Users of crypt() are allowed to use MD5 in FIPS mode, i.e. it can be used for hashing. However the above upstream glibc commit took the conservative step of disabling any crypto routine not specifically allowed by FIPS140-2. On the premise that FIPS140-2 annex forbids MD5 (and DES), and because the callers cant be controlled or audited, it was decided to block usage of MD5/DES in crypt() itself. This change was also not backported to the version of glibc shipped with Red Hat Enterprise Linux 5 and 6.
Statement: Not Vulnerable. This issue does not affect the version of cyrus-sasl package as shipped with Red Hat Enterprise Linux 5 and 6.