The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sasl | Cyrus | 2.1.16 | 2.1.16 |
Sasl | Cyrus | 2.1.13 | 2.1.13 |
Linux | Conectiva | 9.0 | 9.0 |
Sasl | Cyrus | 2.1.18_r1 | 2.1.18_r1 |
Sasl | Cyrus | 2.1.11 | 2.1.11 |
Sasl | Cyrus | 1.5.24 | 1.5.24 |
Sasl | Cyrus | 1.5.27 | 1.5.27 |
Sasl | Cyrus | 2.1.14 | 2.1.14 |
Sasl | Cyrus | 1.5.28 | 1.5.28 |
Sasl | Cyrus | 2.1.18 | 2.1.18 |
Sasl | Cyrus | 2.1.12 | 2.1.12 |
Sasl | Cyrus | 2.1.17 | 2.1.17 |
Linux | Conectiva | 10.0 | 10.0 |
Sasl | Cyrus | 2.1.9 | 2.1.9 |
Sasl | Cyrus | 2.1.10 | 2.1.10 |
Sasl | Cyrus | 2.1.15 | 2.1.15 |
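
The description above comes down to a privileged program letting its invoker choose where plug-ins are loaded from. The following C sketch is an added example, not code from Cyrus-SASL or from this record: it ignores `SASL_PATH` when the real and effective IDs differ, and otherwise accepts it only if every listed directory is absolute, root-owned and not group- or world-writable. The names `choose_plugin_path`, `dir_is_trusted`, `running_privileged` and `DEFAULT_PLUGIN_DIR`, the default directory, the colon separator and the directory policy are all assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2" /* assumed built-in default */

/* Nonzero when real and effective IDs differ (setuid/setgid execution). */
static int running_privileged(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Accept only an absolute, root-owned directory that is not group- or
 * world-writable (assumed policy for this example). */
static int dir_is_trusted(const char *dir) {
    struct stat st;
    if (dir[0] != '/' || stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return st.st_uid == 0 && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* env_value is the caller's getenv("SASL_PATH") result; it may be NULL.
 * Returns env_value only when it is safe to use, else the built-in default. */
const char *choose_plugin_path(const char *env_value, int privileged) {
    if (privileged || env_value == NULL || env_value[0] == '\0')
        return DEFAULT_PLUGIN_DIR;      /* never trust the environment here */
    char *copy = strdup(env_value), *save = NULL;
    if (copy == NULL)
        return DEFAULT_PLUGIN_DIR;
    int ok = 1, n = 0;                  /* n counts non-empty path entries */
    for (char *d = strtok_r(copy, ":", &save); d && ok;
         d = strtok_r(NULL, ":", &save)) {
        ok = dir_is_trusted(d);
        n++;
    }
    free(copy);
    return (ok && n > 0) ? env_value : DEFAULT_PLUGIN_DIR;
}

int main(void) {
    const char *path = choose_plugin_path(getenv("SASL_PATH"),
                                          running_privileged());
    printf("plug-in search path: %s\n", path);
    return 0;
}
```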