FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-1721

This CVE name corresponds to:

Entered Topic
2006-04-22 cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-1721
Phase Assigned (20060411)

Description

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.

References

Source Reference
BUGTRAQ 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
FULLDISC 20060410 [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service
MISC http://labs.musecurity.com/advisories/MU-200604-01.txt
CONFIRM http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm
CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0009.html
APPLE APPLE-SA-2006-09-29
DEBIAN DSA-1042
GENTOO GLSA-200604-09
MANDRIVA MDKSA-2006:073
REDHAT RHSA-2007:0795
REDHAT RHSA-2007:0878
SGI 20070901-01-P
SUSE SUSE-SA:2006:025
TRUSTIX 2006-0024
UBUNTU USN-272-1
BID 17446
OVAL oval:org.mitre.oval:def:9861
VUPEN ADV-2006-1306
VUPEN ADV-2006-3852
VUPEN ADV-2008-1744
SECTRACK 1016960
SECUNIA 19618
SECUNIA 19809
SECUNIA 19825
SECUNIA 19753
SECUNIA 19964
SECUNIA 22187
SECUNIA 20014
SECUNIA 26708
SECUNIA 26857
SECUNIA 27237
SECUNIA 30535
XF cyrus-sasl-digest-dos(25738)