Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1721

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-1721
Last Modified 07 Mar 2011 12:00:00
Published 11 Apr 2006 07:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1721

Summary

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.

Vulnerable Systems

Application

  • Cyrus Sasl 2.1.18

  • Cyrus Sasl 2.1.18 R1

  • Cyrus Sasl 2.1.18 R2

  • Cyrus Sasl 2.1.19

  • Cyrus Sasl 2.1.20


References

BID - 17446

SECUNIA - 19618

MISC - http://labs.musecurity.com/advisories/MU-200604-01.txt

XF - cyrus-sasl-digest-dos(25738)

VUPEN - ADV-2008-1744

VUPEN - ADV-2006-3852

VUPEN - ADV-2006-1306

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0009.html

UBUNTU - USN-272-1

TRUSTIX - 2006-0024

BUGTRAQ - 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

REDHAT - RHSA-2007:0878

REDHAT - RHSA-2007:0795

SUSE - SUSE-SA:2006:025

MANDRIVA - MDKSA-2006:073

GENTOO - GLSA-200604-09

DEBIAN - DSA-1042

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm

SECTRACK - 1016960

SECUNIA - 30535

SECUNIA - 27237

SECUNIA - 26857

SECUNIA - 26708

SECUNIA - 22187

SECUNIA - 20014

SECUNIA - 19964

SECUNIA - 19825

SECUNIA - 19809

SECUNIA - 19753

FULLDISC - 20060410 [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service

APPLE - APPLE-SA-2006-09-29

CONFIRM - http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775

SGI - 20070901-01-P

Related Patches

Apple 2006-09-29 Mac OS X Update 10.4.8 Combo (PPC) (Rev 3)

Apple 2006-09-29 Mac OS X 10.4.8 Update (PPC) (Rev 3)

Apple 2006-09-29 Mac OS X Server 10.4.8 Update (PPC) (Rev 3)

Apple 2006-09-29 Mac OS X Server 10.4.8 Combo Update (PPC) (Rev 3)

Apple 2006-09-29 Mac OS X Update 10.4.8 Combo (Intel) (Rev 3)

Apple 2006-09-29 Mac OS X 10.4.8 Update (Intel) (Rev 3)

VMware VMSA 2008-0009.2 VMware Fusion 2.0.1 Update for Mac (Rev 2)


Last Updated: 27 May 2016 10:42:10