The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Sasl | Cyrus | 1.5.24 (including) | 1.5.24 (including) |
Sasl | Cyrus | 1.5.27 (including) | 1.5.27 (including) |
Sasl | Cyrus | 1.5.28 (including) | 1.5.28 (including) |
Sasl | Cyrus | 2.1.9 (including) | 2.1.9 (including) |
Sasl | Cyrus | 2.1.10 (including) | 2.1.10 (including) |
Sasl | Cyrus | 2.1.11 (including) | 2.1.11 (including) |
Sasl | Cyrus | 2.1.12 (including) | 2.1.12 (including) |
Sasl | Cyrus | 2.1.13 (including) | 2.1.13 (including) |
Sasl | Cyrus | 2.1.14 (including) | 2.1.14 (including) |
Sasl | Cyrus | 2.1.15 (including) | 2.1.15 (including) |
Sasl | Cyrus | 2.1.16 (including) | 2.1.16 (including) |
Sasl | Cyrus | 2.1.17 (including) | 2.1.17 (including) |
Sasl | Cyrus | 2.1.18 (including) | 2.1.18 (including) |
Sasl | Cyrus | 2.1.18_r1 (including) | 2.1.18_r1 (including) |
Linux | Conectiva | 9.0 (including) | 9.0 (including) |
Linux | Conectiva | 10.0 (including) | 10.0 (including) |
Red Hat Enterprise Linux 3 | RedHat | cyrus-sasl-0:2.1.15-10 | * |
Cyrus-sasl2 | Ubuntu | dapper | * |
Cyrus-sasl2 | Ubuntu | devel | * |
Cyrus-sasl2 | Ubuntu | edgy | * |
Cyrus-sasl2 | Ubuntu | feisty | * |
Cyrus-sasl2-heimdal | Ubuntu | devel | * |
Cyrus-sasl2-mit | Ubuntu | dapper | * |
Cyrus-sasl2-mit | Ubuntu | edgy | * |
Cyrus-sasl2-mit | Ubuntu | feisty | * |