Summary
The remote host is missing an update to cyrus-sasl2 announced via advisory DSA 1042-1.
The Mu Security research team discovered a denial of service condition in the Simple Authentication and Security Layer authentication library (SASL) during DIGEST-MD5 negotiation. This potentially affects multiple products that use SASL DIGEST-MD5 authentication including OpenLDAP, Sendmail, Postfix, etc.
The old stable distribution (woody) is not affected by this problem.
Solution
For the stable distribution (sarge) this problem has been fixed in version 2.1.19-1.5sarge1.
For the unstable distribution (sid) this problem has been fixed in version 2.1.19.dfsg1-0.2.
We recommend that you upgrade your cyrus-sasl2 packages.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201042-1
Severity
Classification
-
CVE CVE-2006-1721 -
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:N/A:P
Related Vulnerabilities