MDKSA-2006:073 : cyrus-sasl

Low Nessus Plugin ID 21280


The remote Mandrake host is missing one or more security-related patches.


A vulnerability in the CMU Cyrus Simple Authentication and Security Layer (SASL) library before 2.1.21 has an unknown impact and remote unauthenticated attack vectors, related to DIGEST-MD5 negotiation. In practice, Marcus Meissner found that it is possible to crash the cyrus-imapd daemon with a carefully crafted communication that leaves out 'realm=...' in the reply or the initial server response.

Updated packages have been patched to address this issue.


Update the affected package(s).

Plugin Details

Severity: Low

ID: 21280

File Name: mandrake_MDKSA-2006-073.nasl

Version: $Revision: 1.9 $

Type: local

Published: 2006/04/26

Modified: 2012/09/07

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:mandriva:linux

Required KB Items: Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2006/04/24

Reference Information

CVE: CVE-2006-1721