381427 – dev-libs/cyrus-sasl-2.1.23-r4 (and others) rimap authentication infinite loop

Bug 381427 - dev-libs/cyrus-sasl-2.1.23-r4 (and others) rimap authentication infinite loop

Summary: dev-libs/cyrus-sasl-2.1.23-r4 (and others) rimap authentication infinite loop

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Net-Mail Packages

URL:	http://asg.andrew.cmu.edu/archive/mes...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-09-01 13:37 UTC by Duane Griffin
Modified:	2011-09-02 07:22 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
cyrus-sasl-2.1.23-rimap-fix (cyrus-sasl-2.1.23-rimap-fix.patch,783 bytes, patch) 2011-09-01 13:38 UTC, Duane Griffin	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Duane Griffin 2011-09-01 13:37:36 UTC

It appears that cyrus-sasl rimap authentication has a long-standing bug whereby it will loop forever if given a username or password which includes a double-quote. See the referenced mail list archive message for an explanation.

Note that this is a remote-exploitable DoS vulnerability.

Reproducible: Always

Steps to Reproduce:
/usr/sbin/testsaslauthd -u '"' -p password
Actual Results:  
saslauthd hangs, taking 100% CPU.

Comment 1 Duane Griffin 2011-09-01 13:38:49 UTC

Created attachment 285245 [details, diff]
cyrus-sasl-2.1.23-rimap-fix

Comment 2 Eray Aslan gentoo-dev

2011-09-02 07:22:10 UTC

+*cyrus-sasl-2.1.23-r5 (02 Sep 2011)
+
+  02 Sep 2011; Eray Aslan <eras@gentoo.org> +cyrus-sasl-2.1.23-r5.ebuild,
+  +files/cyrus-sasl-2.1.23-rimap-loop.patch:
+  Patch for rimap quote loop - bug #381427
+