CVE Vulnerabilities

CVE-2004-0884

Published: Jan 27, 2005 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

Affected Software

Name Vendor Start Version End Version
Sasl Cyrus 1.5.24 (including) 1.5.24 (including)
Sasl Cyrus 1.5.27 (including) 1.5.27 (including)
Sasl Cyrus 1.5.28 (including) 1.5.28 (including)
Sasl Cyrus 2.1.9 (including) 2.1.9 (including)
Sasl Cyrus 2.1.10 (including) 2.1.10 (including)
Sasl Cyrus 2.1.11 (including) 2.1.11 (including)
Sasl Cyrus 2.1.12 (including) 2.1.12 (including)
Sasl Cyrus 2.1.13 (including) 2.1.13 (including)
Sasl Cyrus 2.1.14 (including) 2.1.14 (including)
Sasl Cyrus 2.1.15 (including) 2.1.15 (including)
Sasl Cyrus 2.1.16 (including) 2.1.16 (including)
Sasl Cyrus 2.1.17 (including) 2.1.17 (including)
Sasl Cyrus 2.1.18 (including) 2.1.18 (including)
Sasl Cyrus 2.1.18_r1 (including) 2.1.18_r1 (including)
Linux Conectiva 9.0 (including) 9.0 (including)
Linux Conectiva 10.0 (including) 10.0 (including)
Red Hat Enterprise Linux 3 RedHat cyrus-sasl-0:2.1.15-10 *
Cyrus-sasl2 Ubuntu dapper *
Cyrus-sasl2 Ubuntu devel *
Cyrus-sasl2 Ubuntu edgy *
Cyrus-sasl2 Ubuntu feisty *
Cyrus-sasl2-heimdal Ubuntu devel *
Cyrus-sasl2-mit Ubuntu dapper *
Cyrus-sasl2-mit Ubuntu edgy *
Cyrus-sasl2-mit Ubuntu feisty *

References