CVE Vulnerabilities

CVE-2004-0884

Published: Jan 27, 2005 | Modified: Oct 11, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.2 HIGH
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

Affected Software

| Name | Vendor | Start Version | End Version |
|------|--------|---------------|-------------|
| Sasl | Cyrus | 2.1.16 | 2.1.16 |
| Sasl | Cyrus | 2.1.13 | 2.1.13 |
| Linux | Conectiva | 9.0 | 9.0 |
| Sasl | Cyrus | 2.1.18_r1 | 2.1.18_r1 |
| Sasl | Cyrus | 2.1.11 | 2.1.11 |
| Sasl | Cyrus | 1.5.24 | 1.5.24 |
| Sasl | Cyrus | 1.5.27 | 1.5.27 |
| Sasl | Cyrus | 2.1.14 | 2.1.14 |
| Sasl | Cyrus | 1.5.28 | 1.5.28 |
| Sasl | Cyrus | 2.1.18 | 2.1.18 |
| Sasl | Cyrus | 2.1.12 | 2.1.12 |
| Sasl | Cyrus | 2.1.17 | 2.1.17 |
| Linux | Conectiva | 10.0 | 10.0 |
| Sasl | Cyrus | 2.1.9 | 2.1.9 |
| Sasl | Cyrus | 2.1.10 | 2.1.10 |
| Sasl | Cyrus | 2.1.15 | 2.1.15 |

References