CVE-2006-1721
NONE EPSS 82.2%
Published Apr 11, 200620y ago · Modified Jun 16, 20262w ago
Published Apr 11, 2006 20y ago
Last Modified Jun 16, 2026 2w ago
Description
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
Threat Intelligence
EPSS Exploit Probability
82.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-20 Improper Input Validation Validation
Affected Products 5
References 34
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
- asg.web.cmu.edu http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775
- labs.musecurity.com http://labs.musecurity.com/advisories/MU-200604-01.txt
- lists.apple.com http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
- lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044992.html
- secunia.com http://secunia.com/advisories/19618
- secunia.com http://secunia.com/advisories/19753
- secunia.com http://secunia.com/advisories/19809
- secunia.com http://secunia.com/advisories/19825
- secunia.com http://secunia.com/advisories/19964
- secunia.com http://secunia.com/advisories/20014
- secunia.com http://secunia.com/advisories/22187
- secunia.com http://secunia.com/advisories/26708
- secunia.com http://secunia.com/advisories/26857
- secunia.com http://secunia.com/advisories/27237
- secunia.com http://secunia.com/advisories/30535
- securitytracker.com http://securitytracker.com/id?1016960
- support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm
- debian.org http://www.debian.org/security/2006/dsa-1042
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200604-09.xml
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:073
- novell.com http://www.novell.com/linux/security/advisories/2006_05_05.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2007-0795.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2007-0878.html
- securityfocus.com http://www.securityfocus.com/archive/1/493080/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/17446
- trustix.org http://www.trustix.org/errata/2006/0024
- vmware.com http://www.vmware.com/security/advisories/VMSA-2008-0009.html
- vupen.com http://www.vupen.com/english/advisories/2006/1306
- vupen.com http://www.vupen.com/english/advisories/2006/3852
- vupen.com http://www.vupen.com/english/advisories/2008/1744
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/25738
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9861
- usn.ubuntu.com https://usn.ubuntu.com/272-1/
Remediation
- labs.musecurity.com http://labs.musecurity.com/advisories/MU-200604-01.txt
- secunia.com http://secunia.com/advisories/19618
- securityfocus.com http://www.securityfocus.com/bid/17446