SuSE Update For Libxcrypt SUSE-SA:2008:036 Network Vulnerability

Impact

use of weak password hash algorithm

Solution

Please Install the Updated Packages.

Insight

libxcrypt is used on openSUSE to calculate the hash value of passwords. It can be configured to use DES, MD5 or blowfish. Due to a bug in libxcrypt the DES algorithm was used if MD5 was configured in /etc/default/passwd. The default algorithm used on openSUSE is blowfish which worked as expected though.

Affected

libxcrypt on openSUSE 11.0

References

http://www.novell.com/linux/security/advisories/2008_36_libxcrypt.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3188

CVSS	Base Score: 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for file
SLES10: Security update for bind
SLES10: Security update for CUPS
SLES10: Security update for curl
SLES10: Security update for compat-openssl097g

SuSE Update for libxcrypt SUSE-SA:2008:036

Take action and discover your vulnerabilities