security advisory regarding cyrus-sasl?

Marcel Holtmann marcel at holtmann.org
Wed Apr 12 14:41:09 EDT 2006


Hi Alexey,

> >We saw this advisory for cyrus-sasl, but can't see the problem
> >or the real issue.
> >
> >http://labs.musecurity.com/advisories/MU-200604-01.txt
> >
> >Is this issue for real?
> >
> Yes, certain malformed input can cause segfault in the server side 
> DIGEST-MD5 plugin.
> DIGEST-MD5 client side might be affected as well.

the advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you
tell us when it got fixed and point to an actual patch in the CVS? I
assume that this issue has already been fixed in version 2.1.20, but
also I might be wrong with this assumption.

Regards

Marcel



