If a server or client is using DIGEST-MD5 authentication via the cyrus-sasl libraries, it is possible to cause a denial of service against the other side (client or server) by leaving out the “realm=” header in the authentication.
There is no known workaround; please install the update packages.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.1 | x86_64 | cyrus-sasl-digestmd5 | < 2.1.18-33.11 | cyrus-sasl-digestmd5-2.1.18-33.11.x86_64.rpm |
openSUSE | 9.2 | i586 | cyrus-sasl-digestmd5 | < 2.1.19-7.4 | cyrus-sasl-digestmd5-2.1.19-7.4.i586.rpm |
openSUSE | 9.3 | i586 | cyrus-sasl-digestmd5 | < 2.1.20-7.2 | cyrus-sasl-digestmd5-2.1.20-7.2.i586.rpm |
openSUSE | 9.3 | x86_64 | cyrus-sasl-digestmd5 | < 2.1.20-7.2 | cyrus-sasl-digestmd5-2.1.20-7.2.x86_64.rpm |
openSUSE | 9.2 | x86_64 | cyrus-sasl-digestmd5 | < 2.1.19-7.4 | cyrus-sasl-digestmd5-2.1.19-7.4.x86_64.rpm |
openSUSE | 9.1 | i586 | cyrus-sasl-digestmd5 | < 2.1.18-33.11 | cyrus-sasl-digestmd5-2.1.18-33.11.i586.rpm |
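
To check hosts against the fixed builds in the table, version strings must be compared segment by segment and numerically, as rpm does, not as plain strings. The following is an added example, not part of the original advisory: it uses a simplified rpm-style comparison (no epoch or tilde handling), and the host names and installed versions are constructed.

```python
import re

# Fixed package versions taken from the advisory table, keyed by openSUSE release.
FIXED = {"9.1": "2.1.18-33.11", "9.2": "2.1.19-7.4", "9.3": "2.1.20-7.2"}

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are ignored
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    """Simplified rpmvercmp for one field (version or release): -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings (no epoch, no tilde/caret handling)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def needs_update(os_release, installed):
    """True if installed cyrus-sasl-digestmd5 is older than the fixed build."""
    fixed = FIXED.get(os_release)
    if fixed is None:
        raise ValueError(f"release {os_release!r} is not listed in the advisory")
    return evr_cmp(installed, fixed) < 0

# Constructed inventory: (host, openSUSE release, installed version-release),
# e.g. collected with: rpm -q --qf '%{VERSION}-%{RELEASE}\n' cyrus-sasl-digestmd5
INVENTORY = [
    ("mail1", "9.1", "2.1.18-33.8"),
    ("mail2", "9.2", "2.1.19-7.4"),
    ("ldap1", "9.3", "2.1.20-7"),
    ("ldap2", "9.3", "2.1.20-7.10"),   # 7.10 is newer than 7.2, unlike a string compare
]

def vulnerable_hosts(inventory=INVENTORY):
    return [h for h, rel, ver in inventory if needs_update(rel, ver)]

if __name__ == "__main__":
    for host in vulnerable_hosts():
        print(f"{host}: update cyrus-sasl-digestmd5")
```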