http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0373 Affects RHEL 3 and 4. Please check whether it affects RHEL 2.1.
ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo-portage/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.18-cvs-1.172.patch
Does not affect RHEL 4 (2.1.19). Does affect RHEL 3 (2.1.18). Not sure about RHEL 2.1.
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c#rev1.171 : * plugins/digestmd5.c: Fix potential buffer overflow, call add_to_challenge in 2 more places (Alexey Melnikov So indeed the issue seems to be the sprintf(text->outbuf)s, not the quoting.
Alexey Melnikov verified that this issue only exists in rev 1.170 of digestmd5.c. Official releases are hence not vulnerable. Closing NOTABUG.