CVE-2006-1721

Published: 11/04/2006 Updated: 18/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions prior to 2.1.21, allows remote unauthenticated malicious users to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.

Vulnerable Product

cyrus sasl 2.1.18_r1

cyrus sasl 2.1.18_r2

cyrus sasl 2.1.19

cyrus sasl 2.1.20

cyrus sasl 2.1.18

Vendor Advisories

Debian Bug report logs - #361937: libsasl2: DIGEST-MD5 Pre-Auth DoS found in 2.1.18, likely to also be in 2.1.19 and 2.1.20. Package: libsasl2; Maintainer for libsasl2 is (unknown); Reported by: Sven Mueller <debian@incasede>; Date: Tue, 11 Apr 2006 11:18:05 UTC; Severity: important; Tags: fixed, security; Found in version lib ...

A Denial of Service vulnerability has been discovered in the SASL authentication library when using the DIGEST-MD5 plugin. By sending a specially crafted realm name, a malicious SASL server could exploit this to crash the application that uses SASL ...

The Mu Security research team discovered a denial of service condition in the Simple Authentication and Security Layer authentication library (SASL) during DIGEST-MD5 negotiation. This potentially affects multiple products that use SASL DIGEST-MD5 authentication including OpenLDAP, Sendmail, Postfix, etc. The old stable distribution (woody) is not ...

References

CWE-20
http://labs.musecurity.com/advisories/MU-200604-01.txt
http://www.securityfocus.com/bid/17446
http://secunia.com/advisories/19618
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775
http://www.debian.org/security/2006/dsa-1042
http://secunia.com/advisories/19809
http://secunia.com/advisories/19825
http://www.gentoo.org/security/en/glsa/glsa-200604-09.xml
http://secunia.com/advisories/19753
http://www.trustix.org/errata/2006/0024
http://secunia.com/advisories/19964
http://www.novell.com/linux/security/advisories/2006_05_05.html
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
http://secunia.com/advisories/22187
http://securitytracker.com/id?1016960
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044992.html
http://secunia.com/advisories/20014
http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:073
http://www.redhat.com/support/errata/RHSA-2007-0795.html
http://www.redhat.com/support/errata/RHSA-2007-0878.html
ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
http://secunia.com/advisories/26708
http://secunia.com/advisories/26857
http://secunia.com/advisories/27237
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://secunia.com/advisories/30535
http://www.vupen.com/english/advisories/2008/1744
http://www.vupen.com/english/advisories/2006/3852
http://www.vupen.com/english/advisories/2006/1306
https://exchange.xforce.ibmcloud.com/vulnerabilities/25738
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9861
https://usn.ubuntu.com/272-1/
http://www.securityfocus.com/archive/1/493080/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361937
https://nvd.nist.gov