Vulnerability CVE-2005-0373


Published: 2004-10-07   Modified: 2012-02-12

Description:
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
SUSE -> Suse cvsup 
SUSE -> Suse linux 
Redhat -> Fedora core 
Openpkg -> Openpkg 
Cyrus -> SASL 
Conectiva -> Linux 
Apple -> Mac os x 
Apple -> Mac os x server 

 References:
http://xforce.iss.net/xforce/xfdb/17642
http://www.securityfocus.com/bid/11347
http://www.monkey.org/openbsd/archive/ports/0407/msg00265.html
http://www.linuxcompatible.org/print42495.html
http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171
http://www.mandriva.com/security/advisories?name=MDKSA-2005:054

Copyright 2021, cxsecurity.com

 
