SuSE Update For Libxcrypt SUSE-SA:2008:036 Network Vulnerability

Impact

use of weak password hash algorithm

Solution

Please Install the Updated Packages.

Insight

libxcrypt is used on openSUSE to calculate the hash value of passwords. It can be configured to use DES, MD5 or blowfish. Due to a bug in libxcrypt the DES algorithm was used if MD5 was configured in /etc/default/passwd. The default algorithm used on openSUSE is blowfish which worked as expected though.

Affected

libxcrypt on openSUSE 11.0

References

http://www.novell.com/linux/security/advisories/2008_36_libxcrypt.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3188
CVSS Base Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for fetchmail
SLES10: Security update for freetype2,
SLES10: Security update for Cyrus IMAPD
SLES10: Security update for NetworkManager
SLES10: Security update for ClamAV

SuSE Update for libxcrypt SUSE-SA:2008:036

Take action and discover your vulnerabilities