remote denial of service in cyrus-sasl-digestmd5

ID SUSE-SA:2006:025
Type suse
Reporter Suse
Modified 2006-05-05T14:16:08


If a server or client is using DIGEST-MD5 authentication via the cyrus-sasl libraries it is possible to cause a denial of service attack against the other side (client or server) by leaving out the "realm=" header in the authentication.


There is no known workaround, please install the update packages.