Bug#465561: sasl2-bin: saslauthd loops infinitely when username/password contains doublequote char
Fabian Fagerholm
fabbe at paniq.net
Wed Feb 13 09:40:23 UTC 2008
Package: sasl2-bin
Version: 2.1.22.dfsg1-17
Severity: important
Tags: patch

Upstream has fixed a bug where usernames/passwords containing double
quote characters would cause saslauthd to enter an infinite loop,
causing denial of service. This could be considered a local attack
vector, if users can alter their passwords.

Upstream has produced the following patch:
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/saslauthd/auth_rimap.c.diff?r1=1.12;r2=1.13

I'm also attaching the patch to this submission.

--
Fabian Fagerholm <fabbe at paniq.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth_rimap.c.diff
Type: text/x-c
Size: 1040 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20080213/df35d510/attachment.bin