Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 152811 - Cyrus-SASL Buffer Overflow
Summary: Cyrus-SASL Buffer Overflow
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
Whiteboard: LEGACY
Depends On:
TreeView+ depends on / blocked
Reported: 2004-10-12 06:57 UTC by John Dalbec
Modified: 2008-05-01 15:38 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description David Lawrence 2005-03-30 23:28:17 UTC
7) MODERATE: Cyrus-SASL Buffer Overflow
Cyrus-SASL version 2.1.18-r1 or prior

Description: Simple Authentication and Security Layer (SASL) provides a
general framework that can be used by protocols like IMAP or SMTP for
authentication purposes. Cyrus-SASL library is a popular SASL
implementation which is used by widely deployed software such as
sendmail. The library contains a buffer overflow in processing MD5
digests that may be exploited to execute arbitrary code with the
privileges of the application using the Cyrus-SASL library. The
technical details regarding the overflow can be obtained by diffing the
digestmda5.c file between the patched and the unpatched versions.

Gentoo Linux Advisory  
Software using Cyrus-SASL  
Cyrus-SASL Homepage  
SecurityFocus BID 

Status: Vendor confirmed, upgrade to version 2.1.19. Gentoo and other
Linux distributions have also provided updated packages.

------- Additional Comments From 2004-10-12 11:44:07 ----

It is somewhat confusing.  All quoted references talk about CAN-2004-0884, and is supposedly about that while
CAN-2004-0884 is so far marked as **RESERVED** hence to me inaccesible.
OTOH I do not see a code in patches to bug #2137 which would deal with
digestmda5.c so this appears to be something new.

------- Additional Comments From 2004-10-12 12:26:07 ----

In a response to my comment on wrote
"The digestmda5.c issue was separate to CAN-2004-0884 and did not
affect any version of cyrus-sasl with Red Hat Enterprise Linux (or
Fedora Core)."

I guess that by an extension this applies to all sources we are interested in.
This is based only on an mjc word.

------- Additional Comments From 2004-10-13 12:44:43 ----

Changelog to digestmda5.c is here:

AFAICT, offending code was introduced in change 1.170 and fixed in 1.171, way
after the versions of cyrus-sasl we have.

I'm closing this.

------- Bug moved to this database by 2005-03-30 18:28 -------

This bug previously known as bug 2153 at
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Note You need to log in before you can comment on or make changes to this bug.