Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories» Ubuntu Linux » Cyrus-SASL denial of service

Cyrus-SASL denial of service

A Denial of Service vulnerability has been discovered in the SASL authentication library when using the DIGEST-MD5 plugin. By sending a specially crafted realm name, a malicious SASL server could exploit this to crash the application that uses SASL.

  • Vendor: Ubuntu Linux
  • Vendor ID: USN-272-1
  • Date: April 24, 2006


===========================================================
Ubuntu Security Notice USN-272-1 April 24, 2006
cyrus-sasl2 vulnerability
CVE-2006-1721
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libsasl2-modules-gssapi-heimdal

The problem can be corrected by upgrading the affected package to
version 2.1.19-1.3ubuntu0.1 (for Ubuntu 4.10), 2.1.19-1.5ubuntu1.1
(for Ubuntu 5.04), or 2.1.19-1.5ubuntu4.2 (for Ubuntu 5.10). In
general, a standard system upgrade is sufficient to effect the
necessary changes.

If you configured Postfix, OpenLDAP or possibly other server
applications to use SASL with the DIGEST-MD5 plugin, you need to
restart these services after the security upgrade.


Details follow:

A Denial of Service vulnerability has been discovered in the SASL
authentication library when using the DIGEST-MD5 plugin. By sending a
specially crafted realm name, a malicious SASL server could exploit
this to crash the application that uses SASL.


Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.diff.gz
Size/MD5: 31295 28e26e81bea870375a9044475339913f
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.dsc
Size/MD5: 1082 4131240372a9da4d2da02c9165d63bc8
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
Size/MD5: 1531667 670f9a0c0a99cf09d679cd5c859a3715

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 258820 86d5866babc1766104f4b66ab2fed360
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 54526 6b723bbd20889704ca2cbd95067f151d
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 54196 fd9c85128b607d7df0339033102363db
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 52524 1ef5d455faa9f522ace1c7b06aff8ca0
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 171254 0c0b5377e38c80bc53a36aa4bb9d38fe
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 264802 3a8f1cde60bc029316fc1a9948a1eeea
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 117620 82cdfbb8f1883a52682a2808fe4ec98e

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 242882 26d8e5125fd2b51b67a8217bd1efa180
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 52458 1e946756a860b576f046215d797e0c5b
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 52298 8d3e15320e81595c47f620b84d683008
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 50400 6f84abc1a297ec90540b69f017c92191
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 152680 902f2fa39200df4c9ac4e8cfcab8d5a1
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 258066 7033a447f8e1847b93312bfa9f9c02ec
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 110840 64ed0e4b55f330ad24045809e72ccd06

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 264940 70dd4d15d19b170f1c70d38d0bc10193
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 56018 5b54526494ddf58a33e4bdf543bba780
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 56380 56032db698c428dcbe75b4d757512b93
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 55278 14739969a83cde545f3b0e66f8ce3101
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 194980 c1e2415b877b8193fe354b1b94d967c6
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 267870 9a90c5d48cad62a75d2407ad599fc154
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 121432 f23c6ac86b2abd990251f3ea30a283bd

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu1.1.diff.gz
Size/MD5: 31862 3524326b12a7f4c2a54083112a441980
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu1.1.dsc
Size/MD5: 1123 6dc5725b50d570fdc3afaa31f6243fc2
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
Size/MD5: 1531667 670f9a0c0a99cf09d679cd5c859a3715

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_amd64.deb
Size/MD5: 259210 287831264637aedc415a393847aaa066
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb
Size/MD5: 54948 17e37f99a905e84cd76351fcbeac834c
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb
Size/MD5: 54588 ab164006d7872d14c6778bd132ed1b23
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_amd64.deb
Size/MD5: 52918 742856dceb4a990996f168a115b5d2f7
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu1.1_amd64.deb
Size/MD5: 171660 e8ebfc525ada0011c5860a8ea820c6aa
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu1.1_amd64.deb
Size/MD5: 265256 9be5062981bdea93da18e3a24fbbb061
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu1.1_amd64.deb
Size/MD5: 118028 807e7c5b7e0837c5bf93e7a2963f18ef

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_i386.deb
Size/MD5: 243314 a0a5e5f019fabd504c1168ce60f053ec
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_i386.deb
Size/MD5: 52906 dfb616094ef57f7591ad8f966b4b4d03
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_i386.deb
Size/MD5: 52722 03f25ef77dfd9c2cce364101ed0ed633
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_i386.deb
Size/MD5: 50824 9150dd1343df64ee2c57eb240ecfe498
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu1.1_i386.deb
Size/MD5: 153116 dee82b6c2ca3f763075ff3d5e824ee55
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu1.1_i386.deb
Size/MD5: 258560 df153bf88fae21444d00afe5c5c1fc90
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu1.1_i386.deb
Size/MD5: 110772 5566e338cc8f4ebb754b5dc5a25b7a00

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_powerpc.deb
Size/MD5: 265354 ebe27122c4b062fa1f1ef906830c19c2
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_powerpc.deb
Size/MD5: 56622 7274aa84b2169d61ae8a5f8f1fe167d0
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_powerpc.deb
Size/MD5: 56820 e9b6941fba543aedad4233c093a7ef86
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_powerpc.deb
Size/MD5: 55704 80c45956bd1585e718eeefa64843d017
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu1.1_powerpc.deb
Size/MD5: 195596 696a075b2b9a10ee61721dfca74368b4
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu1.1_powerpc.deb
Size/MD5: 268496 1d4a058025aa4210dc4aea5642e126ef
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu1.1_powerpc.deb
Size/MD5: 122386 71f7a563360db5af4cff6a922e6cdc88

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu4.2.diff.gz
Size/MD5: 32238 4379bdd1b85a544b1b8200f4bd75ef22
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu4.2.dsc
Size/MD5: 1118 3dd711ae4a6b42a25c3ba17c5f9a0184
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
Size/MD5: 1531667 670f9a0c0a99cf09d679cd5c859a3715

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu4.2_amd64.deb
Size/MD5: 258702 06e792a8a438c8347e364516d2d481e1
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_amd64.deb
Size/MD5: 55334 03cebb2b22658b6171a75ea73940b44e
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_amd64.deb
Size/MD5: 54902 32f5cdff758267e7e67c2901b12b3262
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_amd64.deb
Size/MD5: 53392 8acf7ae921df96d2460503f4b100d1e9
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu4.2_amd64.deb
Size/MD5: 170336 c7067225cf809df464530d11700f4b1a
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu4.2_amd64.deb
Size/MD5: 265392 9519f2faec1133bf07bd4e6262b37674
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu4.2_amd64.deb
Size/MD5: 120368 c62cca6d7ddbab89ca1d6618a9a4301e

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu4.2_i386.deb
Size/MD5: 238452 43b2451a409fa46438c1ed6001ad0518
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_i386.deb
Size/MD5: 52186 1fd7114b1c355e934f0b3363bed46293
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_i386.deb
Size/MD5: 52068 58fab05b8c2d7c3e79a6101916aeff76
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_i386.deb
Size/MD5: 50668 4227edf80ec5b33196b605221d2637bf
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu4.2_i386.deb
Size/MD5: 148696 ef3c461dd0ef63c66d0c2445f98db5c2
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu4.2_i386.deb
Size/MD5: 257950 b471034597675dbfb182134de1bcffae
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu4.2_i386.deb
Size/MD5: 110322 77f37efe9cf5edabced6ffb2a2c4937d

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu4.2_powerpc.deb
Size/MD5: 263098 d1e24e56a8e8ea8f45fb20125afb513a
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_powerpc.deb
Size/MD5: 57070 62459acdd743c3ad9f157f6fb924b1ec
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_powerpc.deb
Size/MD5: 57118 4a38b908ca8756b72007e2f6d3bd7da1
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_powerpc.deb
Size/MD5: 56332 5e512eade662a77ced5a75b91260990c
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu4.2_powerpc.deb
Size/MD5: 195132 dbcc356c7ac44eb2baf60f272887b365
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu4.2_powerpc.deb
Size/MD5: 269998 6fdecbfe27152db023c579a046fdf0cf
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu4.2_powerpc.deb
Size/MD5: 126618 6ae431cb9da835c0c443f802398d8a15

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »