On Wed, Apr 12, 2006 at 08:41:09PM +0200, Marcel Holtmann wrote:
> Hi Alexey,
>
> > >We saw this advisory for cyrus-sasl, but can't see the problem
> > >or the real issue.
> > >
> > >http://labs.musecurity.com/advisories/MU-200604-01.txt
> > >
> > >Is this issue for real?
> > >
> > >
> > Yes, certain malformed input can cause segfault in the server side
> > DIGEST-MD5 plugin.
> > DIGEST-MD5 client side might be affected as well.
>
> the advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you
> tell us when it got fixed and point to an actual patch in the CVS. I
> assume that this issue has already been fixed in version 2.1.20, but
> also I might be wrong with this assumption.

I found this one:

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171

a heap buffer overflow?

Ciao, Marcus