Package name
cyrus-sasl
Date
2006-04-24
Advisory ID
MDKSA-2006:073
Affected versions
CS3.0 i586 , 10.2 i586 , MNF2.0 i586 , 10.2 x86_64 , CS3.0 x86_64

Problem description

A vulnerability in the CMU Cyrus Simple Authentication and Security
Layer (SASL) library < 2.1.21, has an unknown impact and remote
unauthenticated attack vectors, related to DIGEST-MD5 negotiation. In
practice, Marcus Meissner found it is possible to crash the cyrus-imapd
daemon with a carefully crafted communication that leaves out
"realm=..." in the reply or the initial server response.

Updated packages have been patched to address this issue.

Updated packages

CS3.0 i586

 930ea7b485d2a0602825e46ec4834270  corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.5.C30mdk.i586.rpm
 e9667c09be3be825f9d67e9c608ebee9  corporate/3.0/RPMS/libsasl2-2.1.15-10.5.C30mdk.i586.rpm
 26681a8fd727e325a4ab41fdf0f76d5b  corporate/3.0/RPMS/libsasl2-devel-2.1.15-10.5.C30mdk.i586.rpm
 531e71aabe2ba6a33db9e25b16d600b3  corporate/3.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.5.C30mdk.i586.rpm
 4f2ddc1b1af415ed62216df4fa7a1990  corporate/3.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.5.C30mdk.i586.rpm
 41e834325c30d3df778be78ee20936ac  corporate/3.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.5.C30mdk.i586.rpm
 6fb04d4b4ff321f1743afebcc4bc04af  corporate/3.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.5.C30mdk.i586.rpm
 2ecbbc9319c881130eee4f32c2ecd13d  corporate/3.0/RPMS/libsasl2-plug-login-2.1.15-10.5.C30mdk.i586.rpm
 7dd9267c007aa2d4e7477564b1d0053f  corporate/3.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.5.C30mdk.i586.rpm
 5022c174c4fc977a89200df7639061b3  corporate/3.0/RPMS/libsasl2-plug-otp-2.1.15-10.5.C30mdk.i586.rpm
 dd5332fbaca9ed53148c514833c85662  corporate/3.0/RPMS/libsasl2-plug-plain-2.1.15-10.5.C30mdk.i586.rpm
 721fddfeb6929f20c0b0a036cd94af85  corporate/3.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.5.C30mdk.i586.rpm
 91fad35e0d021b48e0724f1028fdb95f  corporate/3.0/RPMS/libsasl2-plug-srp-2.1.15-10.5.C30mdk.i586.rpm
 a47121c61c1d764dd174fb87ba15e11e  corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.5.C30mdk.src.rpm

10.2 i586

 0f6e423a1ef3803f9b6777e827977b3d  10.2/RPMS/cyrus-sasl-2.1.19-12.1.102mdk.i586.rpm
 2e37644e8b213c87f36182e4af6eb433  10.2/RPMS/libsasl2-2.1.19-12.1.102mdk.i586.rpm
 2b2c4cf9ea3fd956e9de41e91e4c4fbf  10.2/RPMS/libsasl2-devel-2.1.19-12.1.102mdk.i586.rpm
 2173a85249e7db834a966b7cd6e8d5b4  10.2/RPMS/libsasl2-plug-anonymous-2.1.19-12.1.102mdk.i586.rpm
 7d9f04136abdfd24487209226c6ab5d7  10.2/RPMS/libsasl2-plug-crammd5-2.1.19-12.1.102mdk.i586.rpm
 a0e0468a37eeb1af3e3a9a8635900d1b  10.2/RPMS/libsasl2-plug-digestmd5-2.1.19-12.1.102mdk.i586.rpm
 8b752a8a31d0948f9a1b0564fbcb724e  10.2/RPMS/libsasl2-plug-gssapi-2.1.19-12.1.102mdk.i586.rpm
 3fbc57415040abca570130360a25224d  10.2/RPMS/libsasl2-plug-login-2.1.19-12.1.102mdk.i586.rpm
 8907de7fa38e47c4bfece4001b137aa2  10.2/RPMS/libsasl2-plug-ntlm-2.1.19-12.1.102mdk.i586.rpm
 545880d896754e11d17cb372c418e778  10.2/RPMS/libsasl2-plug-otp-2.1.19-12.1.102mdk.i586.rpm
 0a5882eb7e2c92c7d1fed113a7f18bd5  10.2/RPMS/libsasl2-plug-plain-2.1.19-12.1.102mdk.i586.rpm
 667f46d4b52290df98b9af19ee21dee6  10.2/RPMS/libsasl2-plug-sasldb-2.1.19-12.1.102mdk.i586.rpm
 df6c6c9920af062ed2cbf3ee4c1f9594  10.2/RPMS/libsasl2-plug-sql-2.1.19-12.1.102mdk.i586.rpm
 cc933c21e9066d307bb30e4272dab7bb  10.2/RPMS/libsasl2-plug-srp-2.1.19-12.1.102mdk.i586.rpm
 4551b0897bf06e66ac70d9f139b8765f  10.2/SRPMS/cyrus-sasl-2.1.19-12.1.102mdk.src.rpm

MNF2.0 i586

 8b6d21b255eb0423935e4755b8d5e14a  mnf/2.0/RPMS/cyrus-sasl-2.1.15-10.5.M20mdk.i586.rpm
 fdb7603310a32f2e44bcf5138fa97a93  mnf/2.0/RPMS/libsasl2-2.1.15-10.5.M20mdk.i586.rpm
 4212f51dc7713dcc2551271a4e193ae7  mnf/2.0/RPMS/libsasl2-devel-2.1.15-10.5.M20mdk.i586.rpm
 34115f9f7d4da76ec1aae5e97d30e649  mnf/2.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.5.M20mdk.i586.rpm
 4c3a147915c049be92c4706ee25ecf62  mnf/2.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.5.M20mdk.i586.rpm
 cbdf0553d8b352920c19ec71fa657c1f  mnf/2.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.5.M20mdk.i586.rpm
 c9c5c214b8a08441b343b5b8f4f1f4ee  mnf/2.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.5.M20mdk.i586.rpm
 275828de1aa4acb4e9f425004114ddc2  mnf/2.0/RPMS/libsasl2-plug-login-2.1.15-10.5.M20mdk.i586.rpm
 788c1a1134884135899e734b8071602e  mnf/2.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.5.M20mdk.i586.rpm
 a920489cdfd9072f9189d5bebda99c03  mnf/2.0/RPMS/libsasl2-plug-otp-2.1.15-10.5.M20mdk.i586.rpm
 f184c2d1696670d5a332577535f2b6e5  mnf/2.0/RPMS/libsasl2-plug-plain-2.1.15-10.5.M20mdk.i586.rpm
 4b8e4add36ce7bfb1a3b13360ee4a8c5  mnf/2.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.5.M20mdk.i586.rpm
 52d4ee53157468483f15c3f58888db3b  mnf/2.0/RPMS/libsasl2-plug-srp-2.1.15-10.5.M20mdk.i586.rpm
 07885e682d6eb07d7316fda28f31bda5  mnf/2.0/SRPMS/cyrus-sasl-2.1.15-10.5.M20mdk.src.rpm

10.2 x86_64

 39fd1454e83c134507ca8808da363687  x86_64/10.2/RPMS/cyrus-sasl-2.1.19-12.1.102mdk.x86_64.rpm
 57afeeebed5b3fa7ff3e2b2839ccce57  x86_64/10.2/RPMS/lib64sasl2-2.1.19-12.1.102mdk.x86_64.rpm
 d12ce309789ddc682e1950001ec19389  x86_64/10.2/RPMS/lib64sasl2-devel-2.1.19-12.1.102mdk.x86_64.rpm
 a83ae6920b1f8e4b7bf8461cbf6c5189  x86_64/10.2/RPMS/lib64sasl2-plug-anonymous-2.1.19-12.1.102mdk.x86_64.rpm
 d30a0b7d795925f2ea85b5d7f3f438b0  x86_64/10.2/RPMS/lib64sasl2-plug-crammd5-2.1.19-12.1.102mdk.x86_64.rpm
 fe36af2939a515c0cfcdb060659e5205  x86_64/10.2/RPMS/lib64sasl2-plug-digestmd5-2.1.19-12.1.102mdk.x86_64.rpm
 0addc7200f5c435eb831245bda7e2f10  x86_64/10.2/RPMS/lib64sasl2-plug-gssapi-2.1.19-12.1.102mdk.x86_64.rpm
 00b84e5dc048bdbd201fb92578510a7d  x86_64/10.2/RPMS/lib64sasl2-plug-login-2.1.19-12.1.102mdk.x86_64.rpm
 fc4ab1994c1152c227d07b8ef2002bfc  x86_64/10.2/RPMS/lib64sasl2-plug-ntlm-2.1.19-12.1.102mdk.x86_64.rpm
 d4fd5b860b88e9da40ffbb19f7f1774d  x86_64/10.2/RPMS/lib64sasl2-plug-otp-2.1.19-12.1.102mdk.x86_64.rpm
 72aeb079de7722039b218cd3c2a20466  x86_64/10.2/RPMS/lib64sasl2-plug-plain-2.1.19-12.1.102mdk.x86_64.rpm
 5d0a5312b270d4d3f7cef16f913904a2  x86_64/10.2/RPMS/lib64sasl2-plug-sasldb-2.1.19-12.1.102mdk.x86_64.rpm
 f22d9bb0f6271ce0df23c43465e0ada9  x86_64/10.2/RPMS/lib64sasl2-plug-sql-2.1.19-12.1.102mdk.x86_64.rpm
 035d220ffceae7ed7cebb283109e4b61  x86_64/10.2/RPMS/lib64sasl2-plug-srp-2.1.19-12.1.102mdk.x86_64.rpm
 4551b0897bf06e66ac70d9f139b8765f  x86_64/10.2/SRPMS/cyrus-sasl-2.1.19-12.1.102mdk.src.rpm

CS3.0 x86_64

 1d28b4d2b3011e989ab92bdd2567e743  x86_64/corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.5.C30mdk.x86_64.rpm
 d722baf79d0b9db27279db46107d7703  x86_64/corporate/3.0/RPMS/lib64sasl2-2.1.15-10.5.C30mdk.x86_64.rpm
 d2e284770fc354b547e20e92795cdf00  x86_64/corporate/3.0/RPMS/lib64sasl2-devel-2.1.15-10.5.C30mdk.x86_64.rpm
 d59de45402ce7290a7d4c8e305057ba5  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.5.C30mdk.x86_64.rpm
 2972d5ea5d139ebf54971a3e4b983631  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.5.C30mdk.x86_64.rpm
 201aed549c8efc3bfdd23e15d4e0c95d  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.5.C30mdk.x86_64.rpm
 373cac68a6d6fe16adf4f10d27cd9b44  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.5.C30mdk.x86_64.rpm
 1382da3f31460f7596c5ce3099194c78  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-login-2.1.15-10.5.C30mdk.x86_64.rpm
 ac1fc40eb0c6b613321032325c91564c  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.5.C30mdk.x86_64.rpm
 a6b6433706ef5316e9b38c36b5490941  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.5.C30mdk.x86_64.rpm
 6f845c26b0df123330a8e7dc9e41a3da  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.5.C30mdk.x86_64.rpm
 130905710e927b237b8f3b4a09c56823  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.5.C30mdk.x86_64.rpm
 1560672b155b37e4432e58065662ef25  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.5.C30mdk.x86_64.rpm
 a47121c61c1d764dd174fb87ba15e11e  x86_64/corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.5.C30mdk.src.rpm

References