Any info on CVE-2006-1721 ?

Alexey Melnikov alexey.melnikov at isode.com
Tue Oct 3 12:52:01 EDT 2006


Biswatosh wrote:

>Hi, 
>
>Sorry, for repeating the mail. The earlier mail had a
>wrong subject. It might be misleading or not tempting
>enough for reading.
>
>The content is repeated below:
>
>Any info on  CVE-2006-1721 (titled  Cyrus SASL Remote
>Digest-MD5 Denial of Service Vulnerability) ?
>See:
>http://www.securityfocus.com/bid/17446/info 
>
>As I see, the current version has the problem fixed.
>I am interested in knowing :
>
>1)The Bug Id, by which can see about the Bug.
>  
>
There is no bug in Bugzilla for this. Maybe one should be created.

>2)If Bug Id is not there, any idea, what was the exact
>problem in digestmd5.c and how was it solved?
>  
>
cvs diff -u -r 1.173 -r 1.175 plugins/digestmd5.c

>3)It looks this problem was in version 2.1.18. Which
>version fixed it?
>  
>
2.1.21



More information about the Cyrus-sasl mailing list