- Home
- CVEs with nessus.description==From Red Hat Security Advisory 2007:0878 :
Updated cyrus-sasl packages that correct a security issue are now available for Red Hat Enterprise Linux 3.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.
A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism.
As part of the DIGEST-MD5 authentication exchange, the client is expected to send a specific set of information to the server. If one of these items (the 'realm') was not sent or was malformed, it was possible for a remote unauthenticated attacker to cause a denial of service (segmentation fault) on the server. (CVE-2006-1721)
Users of cyrus-sasl should upgrade to these updated packages, which contain a backported patch to correct this issue.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top