remote denial of service in cyrus-sasl-digestmd5

2006-05-05T14:16:08
ID SUSE-SA:2006:025
Type suse
Reporter Suse
Modified 2006-05-05T14:16:08

Description

If a server or client is using DIGEST-MD5 authentication via the cyrus-sasl libraries it is possible to cause a denial of service attack against the other side (client or server) by leaving out the "realm=" header in the authentication.

Solution

There is no known workaround, please install the update packages.