CVE-2006-1721

NONE EPSS 82.2%
Published Apr 11, 2006 20y ago
Last Modified Jun 16, 2026 2w ago

Description

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.

Threat Intelligence

EPSS Exploit Probability
82.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 5

Vendor  Product  Version    Range
cyrus   sasl     2.1.18     any
cyrus   sasl     2.1.18_r1  any
cyrus   sasl     2.1.18_r2  any
cyrus   sasl     2.1.19     any
cyrus   sasl     2.1.20     any

References 34

  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
  • asg.web.cmu.edu http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775
  • labs.musecurity.com http://labs.musecurity.com/advisories/MU-200604-01.txt
    Patch
  • lists.apple.com http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
  • lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044992.html
  • secunia.com http://secunia.com/advisories/19618
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19753
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/19809
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/19825
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/19964
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/20014
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/22187
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/26708
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/26857
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/27237
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/30535
    Vendor Advisory
  • securitytracker.com http://securitytracker.com/id?1016960
  • support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm
  • debian.org http://www.debian.org/security/2006/dsa-1042
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200604-09.xml
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:073
  • novell.com http://www.novell.com/linux/security/advisories/2006_05_05.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2007-0795.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2007-0878.html
  • securityfocus.com http://www.securityfocus.com/archive/1/493080/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/17446
    Patch
  • trustix.org http://www.trustix.org/errata/2006/0024
  • vmware.com http://www.vmware.com/security/advisories/VMSA-2008-0009.html
  • vupen.com http://www.vupen.com/english/advisories/2006/1306
    Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2006/3852
    Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2008/1744
    Vendor Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/25738
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9861
  • usn.ubuntu.com https://usn.ubuntu.com/272-1/

Remediation