RHSA-2007:0795

Executive Summary

Summary
Title	cyrus-sasl security and bug fix update

Informations
Name	RHSA-2007:0795	First vendor Publication	2007-09-04
Vendor	RedHat	Last vendor Modification	2007-09-04
Severity (Vendor)	Moderate	Revision	01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Cvss Base Score	2.6	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	High
Cvss Expoit Score	4.9	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated cyrus-sasl package that addresses a security issue and fixes
various other bugs is now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is
the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.

A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the "realm") was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)

This errata also fixes the following bugs:

* the Kerberos 5 library included in Red Hat Enterprise Linux 4 was not
thread safe. This update adds functionality which allows it to be used
safely in a threaded application.

* several memory leak bugs were fixed in cyrus-sasl's DIGEST-MD5
authentication plug-in.

* /dev/urandom is now used by default on systems which don't support
hwrandom. Previously, dev/random was the default.

* cyrus-sasl needs zlib-devel to build properly. This dependency
information is now included in the package.

Users are advised to upgrade to this updated cyrus-sasl package, which
resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

157012 - [RFE] cyrus-sasl should use /dev/urandom by default
189814 - CVE-2006-1721 cyrus-sasl digest-md5 DoS
190113 - Missing build dependancy for zlib-devel in cyrus-sasl
243910 - krb5-libs are not thread-safe
244075 - Memory leaks in digest-md5 plugin
250732 - sasl-sample-server crash

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2007-0795.html

CWE : Common Weakness Enumeration

id	Name
CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9861

Oval ID:	oval:org.mitre.oval:def:9861
Title:	digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
Description:	digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-1721	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section cyrus-sasl-plain is earlier than 0:2.1.15-15 AND cyrus-sasl-md5 is earlier than 0:2.1.15-15 AND cyrus-sasl-gssapi is earlier than 0:2.1.15-15 AND cyrus-sasl-devel is earlier than 0:2.1.15-15 AND cyrus-sasl is earlier than 0:2.1.15-15 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section cyrus-sasl-ntlm is earlier than 0:2.1.19-14 AND cyrus-sasl-sql is earlier than 0:2.1.19-14 AND cyrus-sasl-plain is earlier than 0:2.1.19-14 AND cyrus-sasl-md5 is earlier than 0:2.1.19-14 AND cyrus-sasl-gssapi is earlier than 0:2.1.19-14 AND cyrus-sasl-devel is earlier than 0:2.1.19-14 AND cyrus-sasl is earlier than 0:2.1.19-14

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cyrus Sasl cpe:/a:cyrus:sasl:2.1.20 cpe:/a:cyrus:sasl:2.1.19 cpe:/a:cyrus:sasl:2.1.18_r2 cpe:/a:cyrus:sasl:2.1.18_r1 cpe:/a:cyrus:sasl:2.1.18	5

Open Source Vulnerability Database (OSVDB)

id	Description
24510	Cyrus SASL DIGEST-MD5 Pre-Authentication Unspecified DoS

Type	Count
Oval ID(s)	1
CPE ID(s)	5
osvdb(s)	1

Related	Severity
CVE-2006-1721	(Low)

Same Subject	Severity
Login to view 4 more Alert(s)

RHSA-2007:0795

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU