Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:073: cyrus-sasl Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the cyrus-sasl package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:073 (cyrus-sasl).
A vulnerability in the CMU Cyrus Simple Authentication and Security Layer
(SASL) library < 2.1.21 has an unknown impact and remote unauthenticated
attack vectors, related to DIGEST-MD5 negotiation. In practice, Marcus Meissner
found it is possible to crash the cyrus-imapd daemon with a carefully crafted
communication that leaves out 'realm=...' in the reply or the initial server
response. Updated packages have been patched to address this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:073
Threat Level: High