Jump to content

Advisories (MDKSA-2006:073 ): cyrus-sasl


aru
 Share

Recommended Posts

Mandriva Advisories MDKSA-2006:073 : cyrus-sasl

 

Updated cyrus-sasl packages addresses vulnerability

April 24th, 2006

 

A vulnerability in the CMU Cyrus Simple Authentication and Security Layer (SASL) library < 2.1.21, has an unknown impact and remote unauthenticated attack vectors, related to DIGEST-MD5 negotiation. In practice, Marcus Meissner found it is possible to crash the cyrus-imapd daemon with a carefully crafted communication that leaves out "realm=..." in the reply or the initial server response. Updated packages have been patched to address this issue.

 

 

The released versions of Mandriva GNU/Linux affected are:

  • CS3.0
  • MNF2.0
  • 10.2

Full information about this advisory, including the updated packages, is available at:

wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:073

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721

 

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)

Link to comment
Share on other sites

 Share

×
×
  • Create New...