PT-2006-1048 · Cyrus+2 · Cyrus Sasl Library+2

Published

2006-04-11

Updated

2018-10-18

CVE-2006-1721

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Cyrus SASL library versions prior to 2.1.21 Gentoo Linux cyrus-sasl package versions prior to 2.1.21-r2

Description: The issue allows remote unauthenticated attackers to cause a denial of service, potentially leading to disruption of protected information. This can be achieved through malformed inputs in DIGEST-MD5 negotiation, resulting in a segmentation fault.

Recommendations: For Cyrus SASL library versions prior to 2.1.21, update to version 2.1.21 or later to resolve the issue. For Gentoo Linux cyrus-sasl package versions prior to 2.1.21-r2, update to version 2.1.21-r2 or later to resolve the issue.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-09503

CVE-2006-1721

DSA-1042-1

RHSA-2007:0795

RHSA-2007:0878

RHSA-2007_0795

Affected Products

Cyrus Sasl Library

Gentoo Linux

Red Hat

PT-2006-1048 · Cyrus+2 · Cyrus Sasl Library+2

CVE-2006-1721

Weakness Enumeration

Related Identifiers

Affected Products

References · 42