Vulnerability Name:

CVE-2006-1721 (CCN-25738)

Assigned:2005-05-15
Published:2005-05-15
Updated:2018-10-18
Summary:digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Carnegie Mellon University's FTP site
/pub/cyrus-mail/

Source: SGI
Type: UNKNOWN
20070901-01-P

Source: CCN
Type: Full-Disclosure Mailing List, Mon Apr 10 2006 - 13:05:41 CDT
[MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service

Source: CONFIRM
Type: UNKNOWN
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775

Source: MITRE
Type: CNA
CVE-2006-1721

Source: CCN
Type: Mac OS X 10.4.8 and Security Update 2006-006
About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006

Source: MISC
Type: Patch
http://labs.musecurity.com/advisories/MU-200604-01.txt

Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-09-29

Source: FULLDISC
Type: UNKNOWN
20060410 [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service

Source: CCN
Type: RHSA-2007-0795
Moderate: cyrus-sasl security and bug fix update

Source: CCN
Type: RHSA-2007-0878
Moderate: cyrus-sasl security update

Source: CCN
Type: SA19618
Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service

Source: SECUNIA
Type: Patch, Vendor Advisory
19618

Source: SECUNIA
Type: Vendor Advisory
19753

Source: SECUNIA
Type: Vendor Advisory
19809

Source: SECUNIA
Type: Vendor Advisory
19825

Source: SECUNIA
Type: Vendor Advisory
19964

Source: SECUNIA
Type: Vendor Advisory
20014

Source: CCN
Type: SA22187
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22187

Source: SECUNIA
Type: Vendor Advisory
26708

Source: SECUNIA
Type: Vendor Advisory
26857

Source: CCN
Type: SA27237
Avaya Products Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service

Source: SECUNIA
Type: Vendor Advisory
27237

Source: CCN
Type: SA30535
VMware ESX Server Multiple Security Updates

Source: SECUNIA
Type: Vendor Advisory
30535

Source: CCN
Type: SECTRACK ID: 1016960
Cyrus SASL DIGEST-MD5 Negotiation Flaw Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1016960

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm

Source: CCN
Type: ASA-2007-426
cyrus-sasl security and bug fix update (RHSA-2007-0795)

Source: DEBIAN
Type: UNKNOWN
DSA-1042

Source: DEBIAN
Type: DSA-1042
cyrus-sasl2 -- programming error

Source: CCN
Type: GLSA-200604-09
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Source: GENTOO
Type: UNKNOWN
GLSA-200604-09

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:073

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:025

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0795

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0878

Source: BUGTRAQ
Type: UNKNOWN
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

Source: BID
Type: Patch
17446

Source: CCN
Type: BID-17446
Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability

Source: TRUSTIX
Type: UNKNOWN
2006-0024

Source: CCN
Type: USN-272-1
cyrus-sasl2 vulnerability

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-275A
Multiple Vulnerabilities in Apple and Adobe Products

Source: CCN
Type: VMSA-2008-0009
Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Source: VUPEN
Type: Vendor Advisory
ADV-2006-1306

Source: VUPEN
Type: Vendor Advisory
ADV-2006-3852

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1744

Source: XF
Type: UNKNOWN
cyrus-sasl-digest-dos(25738)

Source: XF
Type: UNKNOWN
cyrus-sasl-digest-dos(25738)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9861

Source: UBUNTU
Type: UNKNOWN
USN-272-1

Source: SUSE
Type: SUSE-SA:2006:025
cyrus-sasl-digestmd5 denial of service attack

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cyrus:sasl:2.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.18_r1:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.18_r2:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.20:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.18:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:message_networking:-:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::es:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20061721
    V
    		CVE-2006-1721
    2015-11-16
    oval:org.mitre.oval:def:9861
    V
    		digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
    2013-04-29
    oval:com.redhat.rhsa:def:20070795
    P
    		RHSA-2007:0795: cyrus-sasl security and bug fix update (Moderate)
    2008-03-20
    oval:com.redhat.rhsa:def:20070878
    P
    		RHSA-2007:0878: cyrus-sasl security update (Moderate)
    2008-03-20
    oval:org.debian:def:1042
    V
    		programming error
    2006-04-25
    BACK
    cyrus sasl 2.1.18
    cyrus sasl 2.1.18_r1
    cyrus sasl 2.1.18_r2
    cyrus sasl 2.1.19
    cyrus sasl 2.1.20
    carnegie_mellon_university cyrus-sasl 2.1.18
    gentoo linux *
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux 9.1
    redhat enterprise linux 3
    suse suse linux 9.2
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    apple mac os x 10.3.9
    apple mac os x server 10.3.9
    debian debian linux 3.1
    mandrakesoft mandrake multi network firewall 2.0
    avaya intuity audix lx *
    avaya message networking -
    mandrakesoft mandrake linux corporate server 3.0
    avaya communication manager 3.1
    avaya communication manager 4.0.3
    avaya communication manager 3.1.4
    vmware workstation 6.0
    avaya communication manager 2.0
    redhat enterprise linux 4.5.z
    redhat enterprise linux 4.5.z
    vmware ace 2.0
    avaya communication manager 4.0
    avaya communication manager 2.0.1
    avaya communication manager 3.1.3
    vmware server 1.0.3
    suse suse linux 9.3
    vmware ace 2.0.3
    vmware ace 2.0.1
    vmware ace 2.0.2
    vmware esx server 3.5
    vmware server 1.0
    vmware fusion 1.0
    vmware workstation 6.0.1
    vmware workstation 6.0.2
    vmware server 1.0.1
    vmware server 1.0.2
    vmware server 1.0.4
    vmware server 1.0.5
    vmware fusion 1.1
    vmware fusion 1.1.1
    avaya communication manager 3.1.1
    avaya communication manager 3.1.2
    avaya communication manager 4.0.1