Lucene search
UbuntuUSN-272-1HistoryApr 24, 2006 - 12:00 a.m.
cyrus-sasl2 vulnerability
2006-04-2400:00:00
ubuntu.com
27
9.3 High
AI Score
Confidence
High
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.073 Low
EPSS
Percentile
94.0%
Releases
- Ubuntu 5.10
- Ubuntu 5.04
- Ubuntu 4.10
Details
A Denial of Service vulnerability has been discovered in the SASL
authentication library when using the DIGEST-MD5 plugin. By sending a
specially crafted realm name, a malicious SASL server could exploit
this to crash the application that uses SASL.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 5.10 | noarch | libsasl2-modules-gssapi-heimdal | < * | UNKNOWN |
| Ubuntu | 5.04 | noarch | libsasl2-modules-gssapi-heimdal | < * | UNKNOWN |
| Ubuntu | 4.10 | noarch | libsasl2-modules-gssapi-heimdal | < * | UNKNOWN |
References
Related
oraclelinux
oraclelinux
Moderate: cyrus-sasl security update
2007-09-04 00:00:00
Moderate: cyrus-sasl security and bug fix update
2007-09-04 00:00:00
nessus
nessus
FreeBSD : cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service (408f6ebf-d152-11da-962f-000b972eb521)
2006-05-13 00:00:00
MDKSA-2006:073 : cyrus-sasl
2006-04-26 00:00:00
CentOS 3 : cyrus-sasl (CESA-2007:0878)
2007-09-05 00:00:00
debian
debian
[SECURITY] [DSA 1042-1] New Cyrus SASL packages fix denial of service
2006-04-25 17:35:50
[SECURITY] [DSA 1042-1] New Cyrus SASL packages fix denial of service
2006-04-25 17:35:50
centos
centos
cyrus security update
2007-09-04 21:52:33
cyrus security update
2007-09-04 21:31:32
freebsd
freebsd
cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service
2006-04-11 00:00:00
redhat
redhat
(RHSA-2007:0878) Moderate: cyrus-sasl security update
2007-09-04 00:00:00
(RHSA-2007:0795) Moderate: cyrus-sasl security and bug fix update
2007-09-04 00:00:00
ubuntucve
ubuntucve
CVE-2006-1721
2006-04-11 00:00:00
prion
prion
Design/Logic Flaw
2006-04-11 23:02:00
debiancve
debiancve
CVE-2006-1721
2006-04-11 23:02:00
openvas
openvas
Debian: Security Advisory (DSA-1042-1)
2008-01-17 00:00:00
FreeBSD Ports: cyrus-sasl
2008-09-04 00:00:00
FreeBSD Ports: cyrus-sasl
2008-09-04 00:00:00
gentoo
gentoo
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of service
2006-04-21 00:00:00
cve
cve
CVE-2006-1721
2006-04-11 23:02:00
suse
suse
remote denial of service in cyrus-sasl-digestmd5
2006-05-05 14:16:08
securityvulns
securityvulns
9.3 High
AI Score
Confidence
High
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.073 Low
EPSS
Percentile
94.0%
Related for USN-272-1