security advisory regarding cyrus-sasl?

Alexey Melnikov alexey.melnikov at isode.com
Thu Apr 13 09:54:58 EDT 2006


Marcel Holtmann wrote:

>Hi Alexey,
>
>>>We saw this advisory for cyrus-sasl, but can't see the problem
>>>or the real issue.
>>>
>>>http://labs.musecurity.com/advisories/MU-200604-01.txt
>>>
>>>Is this issue for real?
>>>
>>Yes, certain malformed input can cause a segfault in the server-side
>>DIGEST-MD5 plugin.
>>The DIGEST-MD5 client side might be affected as well.
>>
>
>The advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you
>tell us when it got fixed and point to the actual patch in CVS? I assume
>that this issue has already been fixed in version 2.1.20, but I might be
>wrong.
>
Yes, 2.1.20 should do. 2.1.21 doesn't segfault. I didn't test any 
versions in between.


