CVE-2005-0373
published 2004-10-07CVE-2005-0373: Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any…
PriorityP431high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.92%
89.0th percentile
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
Affected
82 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2005-0373: cyrus-sasl2 - Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5...
vendor_debian·2005·CVSS 7.5
CVE-2005-0373 [HIGH] CVE-2005-0373: cyrus-sasl2 - Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5...
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
Scope: local
bookworm: resolved (fixed in 2.1.19.dfsg1-0sarge2)
bullseye: resolved (fixed in 2.1.19.dfsg1-0sarge2)
forky: resolved (fixed in 2.1.19.dfsg1-0sarge2)
sid: resolved (fixed in 2.1.19.dfsg1-0sarge2)
trixie: resolved (fixed in 2.1.19.dfsg1-0sarge2)
Red Hat
CVE-2005-0373: Buffer overflow in digestmd5
vendor_redhat·CVSS 7.5
CVE-2005-0373 [HIGH] CVE-2005-0373: Buffer overflow in digestmd5
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
Statement: Not vulnerable. This issue did not affect the versions of Cyrus SASL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
GHSA
GHSA-48q4-vrg4-8rx4: Buffer overflow in digestmd5
ghsa_unreviewed·2022-05-01
CVE-2005-0373 [HIGH] GHSA-48q4-vrg4-8rx4: Buffer overflow in digestmd5
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
OSV
CVE-2005-0373: Buffer overflow in digestmd5
osv·2004-10-07·CVSS 7.5
CVE-2005-0373 [HIGH] CVE-2005-0373: Buffer overflow in digestmd5
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
No detection rules found.
No public exploits indexed.
Bugzilla
Remote buffer overflow in the digestmd5.c
bugzilla·2005-02-25·CVSS 7.5
CVE-2005-0373 [HIGH] Remote buffer overflow in the digestmd5.c
Remote buffer overflow in the digestmd5.c
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0373
Affects RHEL 3 and 4. Please check whether it affects RHEL 2.1.
Discussion:
ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo-portage/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.18-cvs-1.172.patch
---
Does not affect RHEL 4 (2.1.19). Does affect RHEL 3 (2.1.18). Not sure
about RHEL 2.1.
---
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c#rev1.171
:
* plugins/digestmd5.c: Fix potential buffer overflow, call
add_to_challenge in 2 more places (Alexey Melnikov
So indeed the issue seems to be the sprintf(text->outbuf)s, not the
quoting.
---
Alexey Melnikov verified that this issue only exists in rev 1.170 of
digestmd5.c. Official releases are hence not vu
Bugzilla
Remote buffer overflow in the digestmd5.c
bugzilla·2005-02-25·CVSS 7.5
CVE-2005-0373 [HIGH] Remote buffer overflow in the digestmd5.c
Remote buffer overflow in the digestmd5.c
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0373
Affects FC2 and FC3.
Discussion:
Only affects FC2 (2.1.18), not FC3 (2.1.19).
ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo-portage/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.18-cvs-1.172.patch
---
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c#rev1.171
:
* plugins/digestmd5.c: Fix potential buffer overflow, call
add_to_challenge in 2 more places (Alexey Melnikov
So indeed the issue seems to be the sprintf(text->outbuf)s, not the
quoting.
---
Alexey Melnikov verified that this issue only exists in rev 1.170 of
digestmd5.c. Official releases are hence not vulnerable.
Closing NOTABUG.
Bugzilla
Remote buffer overflow in the digestmd5.c
bugzilla·2005-02-25·CVSS 7.5
CVE-2005-0373 [HIGH] Remote buffer overflow in the digestmd5.c
Remote buffer overflow in the digestmd5.c
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0373
Affects RHL 9 and FC 1. Please check whether it affects RHL 7.3.
Discussion:
ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo-portage/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.18-cvs-1.172.patch
---
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c#rev1.171
:
* plugins/digestmd5.c: Fix potential buffer overflow, call
add_to_challenge in 2 more places (Alexey Melnikov
So indeed the issue seems to be the sprintf(text->outbuf)s, not the
quoting.
---
Alexey Melnikov verified that this issue only exists in rev 1.170 of
digestmd5.c. Official releases are hence not vulnerable.
Closing NOTABUG.
http://www.gentoo.org/security/en/glsa/glsa-200410-05.xmlhttp://www.linuxcompatible.org/print42495.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:054http://www.monkey.org/openbsd/archive/ports/0407/msg00265.htmlhttp://www.securityfocus.com/bid/11347https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markuphttps://exchange.xforce.ibmcloud.com/vulnerabilities/17642http://www.gentoo.org/security/en/glsa/glsa-200410-05.xmlhttp://www.linuxcompatible.org/print42495.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:054http://www.monkey.org/openbsd/archive/ports/0407/msg00265.htmlhttp://www.securityfocus.com/bid/11347https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markuphttps://exchange.xforce.ibmcloud.com/vulnerabilities/17642
2004-10-07
Published