Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability

Bugtraq ID:	17446
Class:	Boundary Condition Error
CVE:	CVE-2006-1721
Remote:	Yes
Local:	No
Published:	Apr 10 2006 12:00AM
Updated:	Jun 05 2008 01:43AM
Credit:	The Mu Security research team is credited with the discovery of this issue.
Vulnerable:	VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 VMWare ESX Server 3.5 Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 SuSE Linux Enterprise Server 9 SGI ProPack 3.0 SP6 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Desktop 4.0 Redhat Desktop 3.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Cyrus-Utils SASL 2.1.20 Cyrus-Utils SASL 2.1.19 Cyrus-Utils SASL 2.1.18 -r2 Cyrus-Utils SASL 2.1.18 -r1 + Gentoo Linux 1.4 Cyrus-Utils SASL 2.1.18 Cyrus-Utils SASL 2.1.17 Cyrus-Utils SASL 2.1.16 Cyrus-Utils SASL 2.1.15 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux WS 3 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Cyrus-Utils SASL 2.1.14 Cyrus-Utils SASL 2.1.13 Cyrus-Utils SASL 2.1.12 Cyrus-Utils SASL 2.1.11 Cyrus-Utils SASL 2.1.10 Cyrus-Utils SASL 2.1.9 + Redhat Linux 8.0 i386 + Redhat Linux 8.0 Avaya Messaging Storage Server MSS 3.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 2.0 Avaya Message Networking MN 3.1 Avaya Message Networking Avaya Intuity LX 2.0 Avaya Intuity LX Avaya EMMC 1.021 Avaya EMMC 1.017 Avaya EMMC 0 Avaya Communication Manager 2.0.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 + Avaya Communication Manager Server S8700 Avaya Communication Manager 2.0 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 + Avaya Communication Manager Server S8700 Avaya Communication Manager 5.0 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 Avaya Communication Manager 3.0 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 + Avaya Communication Manager Server S8700 Avaya Communication Manager 2.2 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Communication Manager 2.1 Avaya CCS 3.1.2 Avaya CCS 3.1.1 Avaya CCS 4.0 Avaya AES 4.0 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3
Not Vulnerable:	Cyrus-Utils SASL 2.1.21

Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability

Cyrus SASL is affected by a remote denial-of-service vulnerability. This issue occurs before successful authentication, allowing anonymous remote attackers to trigger it.

This vulnerability allows remote attackers to crash services using the affected SASL library, denying service to legitimate users.

This issue reportedly affects Cyrus SASL 2.1.18; other versions may also be affected.

Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability

Solution:
Cyrus SASL 2.1.21 is available to address this issue. Please see the references for more information.


Apple Mac OS X Server 10.3.9

• Apple SecUpdSrvr2006-006Pan.dmg
  Security Update 2006-006 (10.3.9 Server)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11770&cat= 1&platform=osx&method=sa/SecUpdSrvr2006-006Pan.dmg

Apple Mac OS X 10.3.9

• Apple SecUpd2006-006Pan.dmg
  Security Update 2006-006 (10.3.9 Client)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11769&cat= 1&platform=osx&method=sa/SecUpd2006-006Pan.dmg

Apple Mac OS X Server 10.4

• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg

Apple Mac OS X 10.4

• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg

Apple Mac OS X Server 10.4.1

• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg

Apple Mac OS X 10.4.2

• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg

Apple Mac OS X Server 10.4.3

• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg

Apple Mac OS X 10.4.3

• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg

Apple Mac OS X Server 10.4.4

• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg


• Apple Mac OS X Server 10.4.8 Combo Update (PPC)
  PPC
  http://www.apple.com/support/downloads/macosxserver1048comboupdateppc. html

Apple Mac OS X 10.4.4

• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg


• Apple Mac OS X 10.4.8 Combo Update (Intel)
  Intel
  http://www.apple.com/support/downloads/macosx1048comboupdateintel.html

Apple Mac OS X Server 10.4.5

• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg


• Apple Mac OS X Server 10.4.8 Combo Update (PPC)
  PPC
  http://www.apple.com/support/downloads/macosxserver1048comboupdateppc. html

Apple Mac OS X Server 10.4.7

• Apple MacOSXUpd10.4.8Intel.dmg
  Mac OS X 10.4.8 Update (Intel)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11796&cat= 1&platform=osx&method=sa/MacOSXUpd10.4.8Intel.dmg


• Apple MacOSXUpd10.4.8PPC.dmg
  Mac OS X 10.4.8 Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11794&cat= 1&platform=osx&method=sa/MacOSXUpd10.4.8PPC.dmg


• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg


• Apple Mac OS X Server 10.4.8 Update (PPC)
  PPC
  http://www.apple.com/support/downloads/macosxserver1048updateppc.html


• Apple Mac OS X Server 10.4.8 Update (Universal)
  PPC
  http://www.apple.com/support/downloads/macosxserver1048updateuniversal .html

Apple Mac OS X 10.4.7

• Apple MacOSXUpd10.4.8Intel.dmg
  Mac OS X 10.4.8 Update (Intel)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11796&cat= 1&platform=osx&method=sa/MacOSXUpd10.4.8Intel.dmg


• Apple MacOSXUpd10.4.8PPC.dmg
  Mac OS X 10.4.8 Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11794&cat= 1&platform=osx&method=sa/MacOSXUpd10.4.8PPC.dmg


• Apple MacOSXUpdCombo10.4.8PPC.dmg
  Mac OS X 10.4.8 Combo Update (PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11795&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.8PPC.dmg

Cyrus-Utils SASL 2.1.11

• cyrus cyrus-sasl-2.1.21.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz

Cyrus-Utils SASL 2.1.13

• cyrus cyrus-sasl-2.1.21.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz

Cyrus-Utils SASL 2.1.15

• cyrus cyrus-sasl-2.1.21.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz


• Mandriva cyrus-sasl-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-devel-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-anonymous-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-crammd5-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-digestmd5-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-gssapi-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-login-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-ntlm-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-otp-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-plain-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-sasldb-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-srp-2.1.15-10.5.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-devel-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-anonymous-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-crammd5-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-digestmd5-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-gssapi-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-login-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-ntlm-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-otp-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-plain-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-sasldb-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-srp-2.1.15-10.5.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/

Cyrus-Utils SASL 2.1.16

• cyrus cyrus-sasl-2.1.21.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz

Cyrus-Utils SASL 2.1.17

• cyrus cyrus-sasl-2.1.21.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz

Cyrus-Utils SASL 2.1.18

• cyrus cyrus-sasl-2.1.21.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz

Cyrus-Utils SASL 2.1.18 -r1

• cyrus cyrus-sasl-2.1.21.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz

Cyrus-Utils SASL 2.1.19

• cyrus cyrus-sasl-2.1.21.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz


• Mandriva cyrus-sasl-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  


• Mandriva cyrus-sasl-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-devel-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-anonymous-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-crammd5-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-digestmd5-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-gssapi-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-login-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-ntlm-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-otp-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-plain-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-sasldb-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-sql-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva lib64sasl2-plug-srp-2.1.19-12.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-devel-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-anonymous-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-crammd5-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-digestmd5-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-gssapi-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-login-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-ntlm-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-otp-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-plain-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-sasldb-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-sql-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva libsasl2-plug-srp-2.1.19-12.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Ubuntu libsasl2-dev_2.1.19-1.3ubuntu0.1_amd64.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev _2.1.19-1.3ubuntu0.1_amd64.deb


• Ubuntu libsasl2-dev_2.1.19-1.3ubuntu0.1_i386.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev _2.1.19-1.3ubuntu0.1_i386.deb


• Ubuntu libsasl2-dev_2.1.19-1.3ubuntu0.1_powerpc.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev _2.1.19-1.3ubuntu0.1_powerpc.deb


• Ubuntu libsasl2-dev_2.1.19-1.5ubuntu1.1_amd64.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev _2.1.19-1.5ubuntu1.1_amd64.deb


• Ubuntu libsasl2-dev_2.1.19-1.5ubuntu1.1_i386.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev _2.1.19-1.5ubuntu1.1_i386.deb


• Ubuntu libsasl2-dev_2.1.19-1.5ubuntu1.1_powerpc.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev _2.1.19-1.5ubuntu1.1_powerpc.deb


• Ubuntu libsasl2-dev_2.1.19-1.5ubuntu4.2_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev _2.1.19-1.5ubuntu4.2_amd64.deb


• Ubuntu libsasl2-dev_2.1.19-1.5ubuntu4.2_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev _2.1.19-1.5ubuntu4.2_i386.deb


• Ubuntu libsasl2-dev_2.1.19-1.5ubuntu4.2_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev _2.1.19-1.5ubuntu4.2_powerpc.deb


• Ubuntu libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb


• Ubuntu libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_i386.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_i386.deb


• Ubuntu libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb


• Ubuntu libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb


• Ubuntu libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_i386.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_i386.deb


• Ubuntu libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_powerpc.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_powerpc.deb


• Ubuntu libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_amd64.deb


• Ubuntu libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_i386.deb


• Ubuntu libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_powerpc.deb


• Ubuntu libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb


• Ubuntu libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_i386.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_i386.deb


• Ubuntu libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb


• Ubuntu libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb


• Ubuntu libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_i386.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_i386.deb


• Ubuntu libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_powerpc.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_powerpc.deb


• Ubuntu libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_amd64.deb


• Ubuntu libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_i386.deb


• Ubuntu libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_powerpc.deb


• Ubuntu libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_amd64.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-sql_2.1.19-1.3ubuntu0.1_amd64.deb


• Ubuntu libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_i386.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-sql_2.1.19-1.3ubuntu0.1_i386.deb


• Ubuntu libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_powerpc.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-sql_2.1.19-1.3ubuntu0.1_powerpc.deb


• Ubuntu libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_amd64.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-sql_2.1.19-1.5ubuntu1.1_amd64.deb


• Ubuntu libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_i386.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-sql_2.1.19-1.5ubuntu1.1_i386.deb


• Ubuntu libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_powerpc.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2 -modules-sql_2.1.19-1.5ubuntu1.1_powerpc.deb


• Ubuntu libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules-sql_2.1.19-1.5ubuntu4.2_amd64.deb


• Ubuntu libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules-sql_2.1.19-1.5ubuntu4.2_i386.deb


• Ubuntu libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules-sql_2.1.19-1.5ubuntu4.2_powerpc.deb


• Ubuntu libsasl2-modules_2.1.19-1.3ubuntu0.1_amd64.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules_2.1.19-1.3ubuntu0.1_amd64.deb


• Ubuntu libsasl2-modules_2.1.19-1.3ubuntu0.1_i386.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules_2.1.19-1.3ubuntu0.1_i386.deb


• Ubuntu libsasl2-modules_2.1.19-1.3ubuntu0.1_powerpc.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules_2.1.19-1.3ubuntu0.1_powerpc.deb


• Ubuntu libsasl2-modules_2.1.19-1.5ubuntu1.1_amd64.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules_2.1.19-1.5ubuntu1.1_amd64.deb


• Ubuntu libsasl2-modules_2.1.19-1.5ubuntu1.1_i386.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules_2.1.19-1.5ubuntu1.1_i386.deb


• Ubuntu libsasl2-modules_2.1.19-1.5ubuntu1.1_powerpc.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules_2.1.19-1.5ubuntu1.1_powerpc.deb


• Ubuntu libsasl2-modules_2.1.19-1.5ubuntu4.2_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules_2.1.19-1.5ubuntu4.2_amd64.deb


• Ubuntu libsasl2-modules_2.1.19-1.5ubuntu4.2_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules_2.1.19-1.5ubuntu4.2_i386.deb


• Ubuntu libsasl2-modules_2.1.19-1.5ubuntu4.2_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-mod ules_2.1.19-1.5ubuntu4.2_powerpc.deb


• Ubuntu libsasl2_2.1.19-1.3ubuntu0.1_amd64.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1 .19-1.3ubuntu0.1_amd64.deb


• Ubuntu libsasl2_2.1.19-1.3ubuntu0.1_i386.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1 .19-1.3ubuntu0.1_i386.deb


• Ubuntu libsasl2_2.1.19-1.3ubuntu0.1_powerpc.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1 .19-1.3ubuntu0.1_powerpc.deb


• Ubuntu libsasl2_2.1.19-1.5ubuntu1.1_amd64.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1 .19-1.5ubuntu1.1_amd64.deb


• Ubuntu libsasl2_2.1.19-1.5ubuntu1.1_i386.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1 .19-1.5ubuntu1.1_i386.deb


• Ubuntu libsasl2_2.1.19-1.5ubuntu1.1_powerpc.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1 .19-1.5ubuntu1.1_powerpc.deb


• Ubuntu libsasl2_2.1.19-1.5ubuntu4.2_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1 .19-1.5ubuntu4.2_amd64.deb


• Ubuntu libsasl2_2.1.19-1.5ubuntu4.2_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1 .19-1.5ubuntu4.2_i386.deb


• Ubuntu libsasl2_2.1.19-1.5ubuntu4.2_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1 .19-1.5ubuntu4.2_powerpc.deb


• Ubuntu sasl2-bin_2.1.19-1.3ubuntu0.1_amd64.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bi n_2.1.19-1.3ubuntu0.1_amd64.deb


• Ubuntu sasl2-bin_2.1.19-1.3ubuntu0.1_i386.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bi n_2.1.19-1.3ubuntu0.1_i386.deb


• Ubuntu sasl2-bin_2.1.19-1.3ubuntu0.1_powerpc.deb
  Ubuntu 4.10:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bi n_2.1.19-1.3ubuntu0.1_powerpc.deb


• Ubuntu sasl2-bin_2.1.19-1.5ubuntu1.1_amd64.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bi n_2.1.19-1.5ubuntu1.1_amd64.deb


• Ubuntu sasl2-bin_2.1.19-1.5ubuntu1.1_i386.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bi n_2.1.19-1.5ubuntu1.1_i386.deb


• Ubuntu sasl2-bin_2.1.19-1.5ubuntu1.1_powerpc.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bi n_2.1.19-1.5ubuntu1.1_powerpc.deb


• Ubuntu sasl2-bin_2.1.19-1.5ubuntu4.2_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2. 1.19-1.5ubuntu4.2_amd64.deb


• Ubuntu sasl2-bin_2.1.19-1.5ubuntu4.2_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2. 1.19-1.5ubuntu4.2_i386.deb


• Ubuntu sasl2-bin_2.1.19-1.5ubuntu4.2_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2. 1.19-1.5ubuntu4.2_powerpc.deb

Cyrus-Utils SASL 2.1.9

• cyrus cyrus-sasl-2.1.21.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz

Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability

References:

• Cyrus Project Web Site (Cyrus)
  
• Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service [MU-200604-01] (Mu Security)
  
• Cyrus SASL Home Page (Cyrus)
  
• TA06-275A - Multiple Vulnerabilities in Apple and Adobe Products (US-CERT)
  
• ASA-2007-426 cyrus-sasl security and bug fix update (RHSA-2007-0795) (Avaya)
  
• RHSA-2007:0795-4 cyrus-sasl security and bug fix update (Red Hat)
  
• RHSA-2007:0878-10 cyrus-sasl security update (Red Hat)