2.6

CVE-2006-1721

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CyrusSasl Version2.1.18
CyrusSasl Version2.1.18_r1
CyrusSasl Version2.1.18_r2
CyrusSasl Version2.1.19
CyrusSasl Version2.1.20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.43% 0.821
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775
http://labs.musecurity.com/advisories/MU-200604-01.txt
Patch
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044992.html
http://secunia.com/advisories/19618
Patch
Vendor Advisory
http://secunia.com/advisories/19753
Vendor Advisory
http://secunia.com/advisories/19809
Vendor Advisory
http://secunia.com/advisories/19825
Vendor Advisory
http://secunia.com/advisories/19964
Vendor Advisory
http://secunia.com/advisories/20014
Vendor Advisory
http://secunia.com/advisories/22187
Vendor Advisory
http://secunia.com/advisories/26708
Vendor Advisory
http://secunia.com/advisories/26857
Vendor Advisory
http://secunia.com/advisories/27237
Vendor Advisory
http://secunia.com/advisories/30535
Vendor Advisory
http://securitytracker.com/id?1016960
http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm
http://www.debian.org/security/2006/dsa-1042
http://www.gentoo.org/security/en/glsa/glsa-200604-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:073
http://www.novell.com/linux/security/advisories/2006_05_05.html
http://www.redhat.com/support/errata/RHSA-2007-0795.html
http://www.redhat.com/support/errata/RHSA-2007-0878.html
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/bid/17446
Patch
http://www.trustix.org/errata/2006/0024
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2006/1306
Vendor Advisory
http://www.vupen.com/english/advisories/2006/3852
Vendor Advisory
http://www.vupen.com/english/advisories/2008/1744
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25738
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9861
https://usn.ubuntu.com/272-1/