Vulnerability Description
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cyrus | Sasl | 1.5.24 |
| Openpkg | Openpkg | 2.1 |
| Suse | Suse Cvsup | 16.1h_36.i586 |
| Conectiva | Linux | 9.0 |
| Apple | Mac Os X | 10.0 |
| Apple | Mac Os X Server | 10.0 |
| Redhat | Fedora Core | core_1.0 |
| Suse | Suse Linux | 1.0 |
References
- http://www.gentoo.org/security/en/glsa/glsa-200410-05.xmlPatchVendor Advisory
- http://www.linuxcompatible.org/print42495.htmlPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:054
- http://www.monkey.org/openbsd/archive/ports/0407/msg00265.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/11347PatchVendor Advisory
- https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.Vendor Advisory
- https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17642
- http://www.gentoo.org/security/en/glsa/glsa-200410-05.xmlPatchVendor Advisory
- http://www.linuxcompatible.org/print42495.htmlPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:054
- http://www.monkey.org/openbsd/archive/ports/0407/msg00265.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/11347PatchVendor Advisory
- https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.Vendor Advisory
- https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?Vendor Advisory
FAQ
What is CVE-2005-0373?
CVE-2005-0373 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to e...
How severe is CVE-2005-0373?
CVE-2005-0373 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0373?
Check the references section above for vendor advisories and patch information. Affected products include: Cyrus Sasl, Openpkg Openpkg, Suse Suse Cvsup, Conectiva Linux, Apple Mac Os X.