CVE-2005-0373
NONE EPSS 89.1%
Published Oct 7, 2004 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
Threat Intelligence
EPSS Exploit Probability
89.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 86
| Vendor | Product | Version | Range |
|---|---|---|---|
| cyrus | sasl | 1.5.24 | any |
| cyrus | sasl | 1.5.27 | any |
| cyrus | sasl | 1.5.28 | any |
| cyrus | sasl | 2.1.9 | any |
| cyrus | sasl | 2.1.10 | any |
| cyrus | sasl | 2.1.11 | any |
| cyrus | sasl | 2.1.12 | any |
| cyrus | sasl | 2.1.13 | any |
| cyrus | sasl | 2.1.14 | any |
| cyrus | sasl | 2.1.15 | any |
| cyrus | sasl | 2.1.16 | any |
| cyrus | sasl | 2.1.17 | any |
| cyrus | sasl | 2.1.18 | any |
| cyrus | sasl | 2.1.18_r1 | any |
| openpkg | openpkg | 2.1 | any |
| openpkg | openpkg | 2.2 | any |
| suse | suse_cvsup | 16.1h_36.i586 | any |
| conectiva | linux | 9.0 | any |
| conectiva | linux | 10.0 | any |
| apple | mac_os_x | 10.0 | any |
| apple | mac_os_x | 10.0.1 | any |
| apple | mac_os_x | 10.0.2 | any |
| apple | mac_os_x | 10.0.3 | any |
| apple | mac_os_x | 10.0.4 | any |
| apple | mac_os_x | 10.1 | any |
| apple | mac_os_x | 10.1.1 | any |
| apple | mac_os_x | 10.1.2 | any |
| apple | mac_os_x | 10.1.3 | any |
| apple | mac_os_x | 10.1.4 | any |
| apple | mac_os_x | 10.1.5 | any |
| apple | mac_os_x | 10.2 | any |
| apple | mac_os_x | 10.2.1 | any |
| apple | mac_os_x | 10.2.2 | any |
| apple | mac_os_x | 10.2.3 | any |
| apple | mac_os_x | 10.2.4 | any |
| apple | mac_os_x | 10.2.5 | any |
| apple | mac_os_x | 10.2.6 | any |
| apple | mac_os_x | 10.2.7 | any |
| apple | mac_os_x | 10.2.8 | any |
| apple | mac_os_x | 10.3 | any |
| apple | mac_os_x | 10.3.1 | any |
| apple | mac_os_x | 10.3.2 | any |
| apple | mac_os_x | 10.3.3 | any |
| apple | mac_os_x | 10.3.4 | any |
| apple | mac_os_x | 10.3.5 | any |
| apple | mac_os_x | 10.3.6 | any |
| apple | mac_os_x | 10.3.7 | any |
| apple | mac_os_x | 10.3.8 | any |
| apple | mac_os_x_server | 10.0 | any |
| apple | mac_os_x_server | 10.1 | any |
| apple | mac_os_x_server | 10.1.1 | any |
| apple | mac_os_x_server | 10.1.2 | any |
| apple | mac_os_x_server | 10.1.3 | any |
| apple | mac_os_x_server | 10.1.4 | any |
| apple | mac_os_x_server | 10.1.5 | any |
| apple | mac_os_x_server | 10.2 | any |
| apple | mac_os_x_server | 10.2.1 | any |
| apple | mac_os_x_server | 10.2.2 | any |
| apple | mac_os_x_server | 10.2.3 | any |
| apple | mac_os_x_server | 10.2.4 | any |
| apple | mac_os_x_server | 10.2.5 | any |
| apple | mac_os_x_server | 10.2.6 | any |
| apple | mac_os_x_server | 10.2.7 | any |
| apple | mac_os_x_server | 10.2.8 | any |
| apple | mac_os_x_server | 10.3 | any |
| apple | mac_os_x_server | 10.3.1 | any |
| apple | mac_os_x_server | 10.3.2 | any |
| apple | mac_os_x_server | 10.3.3 | any |
| apple | mac_os_x_server | 10.3.4 | any |
| apple | mac_os_x_server | 10.3.5 | any |
| apple | mac_os_x_server | 10.3.6 | any |
| apple | mac_os_x_server | 10.3.7 | any |
| apple | mac_os_x_server | 10.3.8 | any |
| redhat | fedora_core | core_1.0 | any |
| suse | suse_linux | 1.0 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.1 | any |
| suse | suse_linux | 8.2 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.2 | any |
References 8
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
- linuxcompatible.org http://www.linuxcompatible.org/print42495.html
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:054
- monkey.org http://www.monkey.org/openbsd/archive/ports/0407/msg00265.html
- securityfocus.com http://www.securityfocus.com/bid/11347
- bugzilla.andrew.cmu.edu https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171
- bugzilla.andrew.cmu.edu https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/17642
Remediation
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
- linuxcompatible.org http://www.linuxcompatible.org/print42495.html
- monkey.org http://www.monkey.org/openbsd/archive/ports/0407/msg00265.html
- securityfocus.com http://www.securityfocus.com/bid/11347