MDKSA-2006:073 : cyrus-sasl
Low Nessus Plugin ID 21280
Synopsis
The remote Mandrake host is missing one or more security-related patches.
Description
A vulnerability in the CMU Cyrus Simple Authentication and Security Layer (SASL) library versions earlier than 2.1.21 has an unknown impact and remote unauthenticated attack vectors, related to DIGEST-MD5 negotiation. In practice, Marcus Meissner found that it is possible to crash the cyrus-imapd daemon with a carefully crafted communication that leaves out 'realm=...' in the reply or the initial server response.
Updated packages have been patched to address this issue.
Solution
Update the affected package(s).