This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Oracle Linux host is missing one or more security updates.
From Red Hat Security Advisory 2007:0878 :
Updated cyrus-sasl packages that correct a security issue are now
available for Red Hat Enterprise Linux 3.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL
is the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.
A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism.
As part of the DIGEST-MD5 authentication exchange, the client is
expected to send a specific set of information to the server. If one
of these items (the 'realm') was not sent or was malformed, it was
possible for a remote unauthenticated attacker to cause a denial of
service (segmentation fault) on the server. (CVE-2006-1721)
Users of cyrus-sasl should upgrade to these updated packages, which
contain a backported patch to correct this issue.
See also :
Update the affected cyrus-sasl packages.
Risk factor :
Low / CVSS Base Score : 2.6
Family: Oracle Linux Local Security Checks
Nessus Plugin ID: 67567 ()
CVE ID: CVE-2006-1721
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.