|
|
Family: Ubuntu Local Security Checks --> Category: infos
USN272-1 : cyrus-sasl2 vulnerability Vulnerability Scan
Vulnerability Scan Summary
cyrus-sasl2 vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libsasl2
- libsasl2-dev
- libsasl2-modules
- libsasl2-modules-gssapi-heimdal
- libsasl2-modules-kerberos-heimdal
- libsasl2-modules-sql
- sasl2-bin
Description :
A Denial of Service vulnerability has been discovered in the SASL
authentication library when using the DIGEST-MD5 test. By sending a
specially crafted realm name, a malicious SASL server could exploit
this to crash the application that uses SASL.
Solution :
Upgrade to :
- libsasl2-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- libsasl2-dev-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- libsasl2-modules-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- libsasl2-modules-gssapi-heimdal-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- libsasl2-modules-kerberos-heimdal-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- libsasl2-modules-sql-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
- sasl2-bin-2.1.19-1.5ubuntu4.2 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
