security advisory regarding cyrus-sasl?

Alexey Melnikov alexey.melnikov at isode.com
Tue Apr 18 08:01:21 EDT 2006


Alexey Melnikov wrote:

> Marcel Holtmann wrote:
>
>> Hi Alexey,
>>
>>>> We saw this advisory for cyrus-sasl, but can't see the problem
>>>> or the real issue.
>>>>
>>>> http://labs.musecurity.com/advisories/MU-200604-01.txt
>>>>
>>>> Is this issue for real?
>>>
>>> Yes, certain malformed input can cause a segfault in the server-side
>>> DIGEST-MD5 plugin.
>>> The DIGEST-MD5 client side might be affected as well.
>>
>> The advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you
>> tell us when it got fixed and point to the actual patch in the CVS? I assume
>> that this issue has already been fixed in version 2.1.20, but I might be
>> wrong.
>
> Yes, 2.1.20 should do. 2.1.21 doesn't segfault. I didn't test any 
> versions in between.

Correction: this is fixed in 2.1.21.



