[Full-disclosure] [ MDKSA-2006:073 ] - Updated cyrus-sasl packages address vulnerability




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:073
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cyrus-sasl
Date : April 24, 2006
Affected: 10.2, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability in the CMU Cyrus Simple Authentication and Security
Layer (SASL) library before 2.1.21 has an unknown impact and remote
unauthenticated attack vectors related to DIGEST-MD5 negotiation. In
practice, Marcus Meissner found that it is possible to crash the
cyrus-imapd daemon with a carefully crafted communication that leaves
out "realm=..." in the reply or the initial server response.

Updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFETQHOmqjQ0CJFipgRAnR0AKC/ZJxAqd0AfU2VjyI785X9E/bN4gCg2VEQ
xEt8+xfAUd8no5mCIAm2h/k=
=UqJL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
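
The Problem Description above ties the crash to a DIGEST-MD5 message that leaves out "realm=...", without saying how the library mishandles it. The C sketch below is an added example, not Cyrus SASL or Mandriva code; it assumes the generic failure mode of using an optional directive without checking that it was present, and `get_directive` and `check_response` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
/* Copy directive `name` from a key=value / key="value" list into `out`: 1 if found,
 * 0 if absent, -1 if malformed/too long. Simplified: exact case, no backslash escapes. */
int get_directive(const char *msg, const char *name, char *out, size_t outlen)
{
    const char *p = msg;
    size_t nlen = strlen(name);
    if (outlen == 0) return -1;
    out[0] = '\0';                        /* out is always a valid string */
    while (*p) {
        while (*p == ',' || *p == ' ') p++;
        if (*p == '\0') break;
        const char *key = p;
        while (*p && *p != '=' && *p != ',') p++;
        if (*p != '=') return -1;         /* directive without a value */
        size_t klen = (size_t)(p - key);
        int quoted = (*++p == '"');
        const char *val = quoted ? ++p : p;
        while (*p && *p != (quoted ? '"' : ',')) p++;
        if (quoted && *p != '"') return -1;   /* unterminated quoted value */
        size_t vlen = (size_t)(p - val);
        if (quoted) p++;
        if (klen == nlen && strncmp(key, name, nlen) == 0) {
            if (vlen >= outlen) return -1;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 1;
        }
    }
    return 0;
}

/* Require username and nonce; an absent realm becomes "", never NULL. */
int check_response(const char *resp, char *realm, size_t realmlen)
{
    char tmp[128];
    if (get_directive(resp, "username", tmp, sizeof tmp) != 1) return -1;
    if (get_directive(resp, "nonce", tmp, sizeof tmp) != 1) return -1;
    return get_directive(resp, "realm", realm, realmlen) < 0 ? -1 : 0;
}

int main(void)
{
    char realm[64];   /* constructed sample: response with realm left out */
    int rc = check_response("username=\"alice\",nonce=\"abc123\"", realm, sizeof realm);
    printf("rc=%d realm=\"%s\"\n", rc, realm);
    return 0;
}
```

The empty-string default mirrors RFC 2831, which treats a missing realm in the client response as the empty string when computing A1.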


