|Title||cyrus-sasl security and bug fix update|
|Name||RHSA-2007:0795||First vendor Publication||2007-09-04|
|Vendor||RedHat||Last vendor Modification||2007-09-04|
Security-Database Scoring CVSS v2
|Cvss vector : (AV:N/AC:H/Au:N/C:N/I:N/A:P)|
|Cvss Base Score||2.6||Attack Range||Network|
|Cvss Impact Score||2.9||Attack Complexity||High|
|Cvss Expoit Score||4.9||Authentification||None Required|
|Calculate full CVSS 2.0 Vectors scores|
An updated cyrus-sasl package that addresses a security issue and fixes
various other bugs is now available for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is
the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.
A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the "realm") was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)
This errata also fixes the following bugs:
* the Kerberos 5 library included in Red Hat Enterprise Linux 4 was not
thread safe. This update adds functionality which allows it to be used
safely in a threaded application.
* several memory leak bugs were fixed in cyrus-sasl's DIGEST-MD5
* /dev/urandom is now used by default on systems which don't support
hwrandom. Previously, dev/random was the default.
* cyrus-sasl needs zlib-devel to build properly. This dependency
information is now included in the package.
Users are advised to upgrade to this updated cyrus-sasl package, which
resolves these issues.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
157012 - [RFE] cyrus-sasl should use /dev/urandom by default
189814 - CVE-2006-1721 cyrus-sasl digest-md5 DoS
190113 - Missing build dependancy for zlib-devel in cyrus-sasl
243910 - krb5-libs are not thread-safe
244075 - Memory leaks in digest-md5 plugin
250732 - sasl-sample-server crash
|Url : https://rhn.redhat.com/errata/RHSA-2007-0795.html|
CWE : Common Weakness Enumeration
|CWE-20||Improper Input Validation|
|Definition Id: oval:org.mitre.oval:def:9861|
|Title:||digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.|
|Description:||digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.|
|Platform(s):||Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
|24510||Cyrus SASL DIGEST-MD5 Pre-Authentication Unspecified DoS|