Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN272-1 : cyrus-sasl2 vulnerability Vulnerability Scan

Vulnerability Scan Summary
cyrus-sasl2 vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libsasl2
- libsasl2-dev
- libsasl2-modules
- libsasl2-modules-gssapi-heimdal
- libsasl2-modules-kerberos-heimdal
- libsasl2-modules-sql
- sasl2-bin

Description :

A Denial of Service vulnerability has been discovered in the SASL
authentication library when using the DIGEST-MD5 test. By sending a
specially crafted realm name, a malicious SASL server could exploit
this to crash the application that uses SASL.

Solution :

Upgrade to :
- libsasl2-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- libsasl2-dev-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- libsasl2-modules-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- libsasl2-modules-gssapi-heimdal-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- libsasl2-modules-kerberos-heimdal-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- libsasl2-modules-sql-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- sasl2-bin-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.