EUVD-2005-0374

Malware in sbrugna...

CVE-2025-40919

The CVE-2025-40919 entry concerns Authen::DigestMD5 for Perl, affecting versions 0.01–0.02. The vulnerability stems from generating the cnonce with an MD5 hash of the PID, epoch time, and Perl’s rand(), which can yield low-entropy values (PID from a small set and potentially guessable epoch time)...

CVE-2025-40919 Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely

Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...

CVE-2025-40919 Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely

Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...

Authen::DigestMD5 安全漏洞

Authen::DigestMD5 is a module in the Perl language from the Perl community. A security vulnerability exists in Authen::DigestMD5 versions 0.01 through 0.02, which stems from insecure cnonce generation...

PT-2025-29832 · Unknown · Authen::Digestmd5

Name of the Vulnerable Software and Affected Versions: Authen::DigestMD5 versions 0.01 through 0.02 Description: The cnonce client nonce is generated insecurely using an MD5 hash of the PID, the epoch time, and the built-in rand function. The PID originates from a limited set of numbers, and the...

SUSE CVE-2005-0373

Buffer overflow in digestmd5.c CVS release 1.170 also referred to as digestmda5.c, as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code...

CVE-2005-0373

Buffer overflow in digestmd5.c CVS release 1.170 also referred to as digestmda5.c, as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code...

SLES10: Security update for cyrus-sasl

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: cyrus-sasl cyrus-sasl-crammd5 cyrus-sasl-devel cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-otp cyrus-sasl-plain cyrus-sasl-sqlauxprop More details may...

SLES11: Security update for cyrus-sasl

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: cyrus-sasl cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-otp cyrus-sasl-plain More details may also be found by searching for the SuSE...

SLES9: Security update for cyrus-sasl

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: cyrus-sasl cyrus-sasl-crammd5 cyrus-sasl-devel cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-otp cyrus-sasl-plain For more information, please visit the...

SUSE-SA:2006:025: cyrus-sasl-digestmd5

The remote host is missing the patch for the advisory SUSE-SA:2006:025 cyrus-sasl-digestmd5. If a server or client is using DIGEST-MD5 authentication via the cyrus-sasl libraries it is possible to cause a denial of service attack against the other side client or server by leaving out the 'realm='...

Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2005:054)

A buffer overflow was discovered in cyrus-sasl's digestmd5 code. This could lead to a remote attacker executing code in the context of the service using SASL authentication. This vulnerability was fixed upstream in version 2.1.19. The updated packages are patched to deal with this issue...

CVE-2005-0373

CVE-2005-0373 describes a buffer overflow in Cyrus-SASL’s DIGEST-MD5 implementation (digestmd5.c, CVS release 1.170, also referred to as digestmda5.c) that was not part of official releases. The flaw allows remote attackers to execute arbitrary code by triggering the overflow in the Digest-MMD5 S...

DEBIAN-CVE-2005-0373

Buffer overflow in digestmd5.c CVS release 1.170 also referred to as digestmda5.c, as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code...