Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2006-1721

Disclosure Date: April 11, 2006 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

cyrus

Products

sasl 2.1.18,
sasl 2.1.18 r1,
sasl 2.1.18 r2,
sasl 2.1.19,
sasl 2.1.20

References

Canonical

CVE-2006-1721 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721)

BID-17446 (http://www.securityfocus.com/bid/17446)

Advisory

SECUNIA-26708 (http://secunia.com/advisories/26708)

ADV-2008-1744 (http://www.vupen.com/english/advisories/2008/1744)

SECUNIA-19825 (http://secunia.com/advisories/19825)

http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775

SECUNIA-19809 (http://secunia.com/advisories/19809)

SECUNIA-19618 (http://secunia.com/advisories/19618)

SECUNIA-19753 (http://secunia.com/advisories/19753)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9861

XF-cyrus-sasl-digest-dos(25738) (https://exchange.xforce.ibmcloud.com/vulnerabilities/25738)

http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm

SECUNIA-26857 (http://secunia.com/advisories/26857)

http://www.vmware.com/security/advisories/VMSA-2008-0009.html

20060410 [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service (http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044992.html)

SECUNIA-22187 (http://secunia.com/advisories/22187)

http://www.mandriva.com/security/advisories?name=MDKSA-2006:073

ADV-2006-3852 (http://www.vupen.com/english/advisories/2006/3852)

SECUNIA-27237 (http://secunia.com/advisories/27237)

http://www.redhat.com/support/errata/RHSA-2007-0878.html

http://www.redhat.com/support/errata/RHSA-2007-0795.html

SECUNIA-20014 (http://secunia.com/advisories/20014)

APPLE-SA-2006-09-29 (http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html)

SECUNIA-30535 (http://secunia.com/advisories/30535)

SECUNIA-19964 (http://secunia.com/advisories/19964)

20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (http://www.securityfocus.com/archive/1/493080/100/0/threaded)

USN-272-1 (https://usn.ubuntu.com/272-1)

http://www.novell.com/linux/security/advisories/2006_05_05.html

SECTRACK-1016960 (http://securitytracker.com/id?1016960)

GLSA-200604-09 (http://www.gentoo.org/security/en/glsa/glsa-200604-09.xml)

ADV-2006-1306 (http://www.vupen.com/english/advisories/2006/1306)

DSA-1042 (http://www.debian.org/security/2006/dsa-1042)

Miscellaneous

http://labs.musecurity.com/advisories/MU-200604-01.txt

2006-0024 (http://www.trustix.org/errata/2006/0024)

Rapid7

Technical Analysis