Cyrus SASL DIGEST-MD5 denial of service

cyrus-sasl-digest-dos (25738)

Low Risk

Description:

Carnegie Mellon University's Cyrus-SASL library is vulnerable to a denial of service caused by an undisclosed vulnerability during DIGEST-MD5 negotiation.

Platforms Affected:

• Apple, Mac OS X 10.3.9
• Apple, Mac OS X Server 10.3.9
• Avaya, Communication Manager 2.0
• Avaya, Communication Manager 2.0.1
• Avaya, Communication Manager 2.1
• Avaya, Communication Manager 2.1.1
• Avaya, Communication Manager 2.2
• Avaya, Communication Manager 2.2.1
• Avaya, Communication Manager 2.2.2
• Avaya, Communication Manager 3.0
• Avaya, Communication Manager 3.0.1
• Avaya, Communication Manager 3.1
• Avaya, Communication Manager 3.1.1
• Avaya, Communication Manager 3.1.2
• Avaya, Communication Manager 3.1.3
• Avaya, Communication Manager 3.1.4
• Avaya, Communication Manager 4.0
• Avaya, Communication Manager 4.0.1
• Avaya, Communication Manager 4.0.3
• Avaya, Expanded Meet-Me Conferencing
• Avaya, Intuity Audix LX
• Avaya, Message Networking
• Avaya, Message Storage Server 2.0
• Avaya, Message Storage Server 2.0.1
• Avaya, Message Storage Server 3.0
• Avaya, Message Storage Server 3.1
• Canonical, Ubuntu 4.10
• Canonical, Ubuntu 5.04
• Canonical, Ubuntu 5.10
• Carnegie Mellon University, Cyrus-SASL 2.1.18
• Debian, Debian Linux 3.1
• Gentoo, Linux
• MandrakeSoft, Mandrake Linux LE2005 X86_64
• MandrakeSoft, Mandrake Linux LE2005
• MandrakeSoft, Mandrake Linux Corporate Server 3.0
• MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
• MandrakeSoft, Mandrake Multi Network Firewall 2.0
• RedHat, Enterprise Linux 3 WS
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 AS
• RedHat, Enterprise Linux 3 Desktop
• RedHat, Enterprise Linux 4 ES
• RedHat, Enterprise Linux 4 Desktop
• RedHat, Enterprise Linux 4 AS
• RedHat, Enterprise Linux 4 WS
• SuSE, SuSE Linux 9.1
• SuSE, SuSE Linux 9.2
• SuSE, SuSE Linux 9.3
• SuSE, SuSE SLES 9
• VMware, ACE 2.0
• VMware, ACE 2.0.1
• VMware, ACE 2.0.2
• VMware, ACE 2.0.3
• VMware, ESX Server 3.5
• VMware, ESXi Server 3.5
• VMware, Fusion 1.0
• VMware, Fusion 1.1
• VMware, Fusion 1.1.1
• VMware, Player 2.0
• VMware, Player 2.0.1
• VMware, Player 2.0.2
• VMware, Player 2.0.3
• VMware, Server 1.0
• VMware, Server 1.0.1
• VMware, Server 1.0.2
• VMware, Server 1.0.3
• VMware, Server 1.0.4
• VMware, Server 1.0.5
• VMware, Workstation 6.0
• VMware, Workstation 6.0.1
• VMware, Workstation 6.0.2

Remedy:

Upgrade to the latest version of Cyrus-SASL (2.1.21 or later), available from the Carnegie Mellon University's FTP site. See References.

For Debian GNU/Linux:
Refer to DSA-1042-1 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-04-09 for patch, upgrade, or suggested workaround information. See References.

For Apple Mac OS X and Mac OS X Server:
Apply Apple Security Update 2006-006 or Mac OS X 10.4.8 Update, available from the Apple Web site. See References.

For SUSE Linux:
Refer to SUSE Security Announcement SUSE-SA:2006:025 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Denial of Service

References:

• Carnegie Mellon University's FTP site, /pub/cyrus-mail/ at ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/.
• Full-Disclosure Mailing List, Mon Apr 10 2006 - 13:05:41 CDT, [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service at http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0180.html.
• Mac OS X 10.4.8 and Security Update 2006-006, About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006 at http://docs.info.apple.com/article.html?artnum=304460.
• US-CERT Technical Cyber Security Alert TA06-275A, Multiple Vulnerabilities in Apple and Adobe Products at http://www.us-cert.gov/cas/techalerts/TA06-275A.html.
• VMSA-2008-0009, Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues at http://www.vmware.com/security/advisories/VMSA-2008-0009.html.
• ASA-2007-426: cyrus-sasl security and bug fix update (RHSA-2007-0795)
• BID-17446: Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability
• CVE-2006-1721: digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
• DSA-1042: cyrus-sasl2 -- programming error
• GLSA-200604-09: Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
• MDKSA-2006:073: Updated cyrus-sasl packages addresses vulnerability
• RHSA-2007-0795: Moderate: cyrus-sasl security and bug fix update
• RHSA-2007-0878: Moderate: cyrus-sasl security update
• SA19618: Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service
• SA22187: Mac OS X Security Update Fixes Multiple Vulnerabilities
• SA27237: Avaya Products Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service
• SA30535: VMware ESX Server Multiple Security Updates
• SECTRACK ID: 1016960: Cyrus SASL DIGEST-MD5 Negotiation Flaw Lets Remote Users Deny Service
• SUSE-SA:2006:025: cyrus-sasl-digestmd5 denial of service attack
• USN-272-1: cyrus-sasl2 vulnerability
• VUPEN/ADV-2006-1306: Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service Vulnerability
• VUPEN/ADV-2006-3852: Apple Mac OS X Multiple Command Execution and Denial of Service Vulnerabilities
• VUPEN/ADV-2008-1744: VMware Security Update Fixes Multiple Code Execution Vulnerabilities

Reported:

Apr 10, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page