security advisory regarding cyrus-sasl?
Marcel Holtmann
marcel at holtmann.org
Wed Apr 12 14:41:09 EDT 2006
Hi Alexey,
> >We saw this advisory for cyrus-sasl, but can't see the problem
> >or the real issue.
> >
> >http://labs.musecurity.com/advisories/MU-200604-01.txt
> >
> >Is this issue for real?
> >
> >
> Yes, certain malformed input can cause segfault in the server side
> DIGEST-MD5 plugin.
> DIGEST-MD5 client side might be affected as well.
the advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you
tell us when it got fixed and point to an actual patch in the CVS. I
assume that this issue has already been fixed in version 2.1.20, but
also I might be wrong with this assumption.
Regards
Marcel
More information about the Cyrus-sasl
mailing list