2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.073 Low
EPSS
Percentile
94.0%
CentOS Errata and Security Advisory CESA-2007:0878
The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.
A bug was found in cyrus-sasl’s DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the “realm”) was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)
Users of cyrus-sasl should upgrade to these updated packages, which contain a
backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-September/076326.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076327.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076328.html
https://lists.centos.org/pipermail/centos-announce/2007-September/089088.html
Affected packages:
cyrus-sasl
cyrus-sasl-devel
cyrus-sasl-gssapi
cyrus-sasl-md5
cyrus-sasl-plain
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0878
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | cyrus-sasl | < 2.1.15-15 | cyrus-sasl-2.1.15-15.i386.rpm |
CentOS | 3 | i386 | cyrus-sasl-devel | < 2.1.15-15 | cyrus-sasl-devel-2.1.15-15.i386.rpm |
CentOS | 3 | i386 | cyrus-sasl-gssapi | < 2.1.15-15 | cyrus-sasl-gssapi-2.1.15-15.i386.rpm |
CentOS | 3 | i386 | cyrus-sasl-md5 | < 2.1.15-15 | cyrus-sasl-md5-2.1.15-15.i386.rpm |
CentOS | 3 | i386 | cyrus-sasl-plain | < 2.1.15-15 | cyrus-sasl-plain-2.1.15-15.i386.rpm |
CentOS | 3 | i386 | cyrus-sasl | < 2.1.15-15 | cyrus-sasl-2.1.15-15.i386.rpm |
CentOS | 3 | x86_64 | cyrus-sasl | < 2.1.15-15 | cyrus-sasl-2.1.15-15.x86_64.rpm |
CentOS | 3 | x86_64 | cyrus-sasl-devel | < 2.1.15-15 | cyrus-sasl-devel-2.1.15-15.x86_64.rpm |
CentOS | 3 | i386 | cyrus-sasl-gssapi | < 2.1.15-15 | cyrus-sasl-gssapi-2.1.15-15.i386.rpm |
CentOS | 3 | x86_64 | cyrus-sasl-gssapi | < 2.1.15-15 | cyrus-sasl-gssapi-2.1.15-15.x86_64.rpm |