SUSE-SA:2006:025: cyrus-sasl-digestmd5

medium Nessus Plugin ID 21370

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2006:025 (cyrus-sasl-digestmd5).

If a server or client is using DIGEST-MD5 authentication via the cyrus-sasl libraries it is possible to cause a denial of service attack against the other side (client or server) by leaving out the 'realm=' header in the authentication.

This is tracked by the Mitre CVE ID CVE-2006-1721.

Solution

http://www.suse.de/security/advisories/2006_05_05.html

Plugin Details

Severity: Medium

ID: 21370

File Name: suse_SA_2006_025.nasl

Version: 1.7

Agent: unix

Family: SuSE Local Security Checks

Published: 5/13/2006

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Detections

Analytics