ID CVE-2004-0884
Summary The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
References
Vulnerable Configurations
  • cpe:2.3:a:cyrus:sasl:1.5.24:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:1.5.24:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:1.5.27:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:1.5.27:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:1.5.28:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:1.5.28:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:sasl:2.1.18_r1:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:sasl:2.1.18_r1:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:15:18.355-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
family unix
id oval:org.mitre.oval:def:11678
status accepted
submitted 2010-07-09T03:56:16-04:00
title The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
version 29
redhat via4
advisories
rhsa
id RHSA-2004:546
rpms
  • cyrus-sasl-0:2.1.15-10
  • cyrus-sasl-debuginfo-0:2.1.15-10
  • cyrus-sasl-devel-0:2.1.15-10
  • cyrus-sasl-gssapi-0:2.1.15-10
  • cyrus-sasl-md5-0:2.1.15-10
  • cyrus-sasl-plain-0:2.1.15-10
refmap via4
apple APPLE-SA-2005-03-21
bid 11347
bugtraq 20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)
ciac P-003
confirm http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657
debian
  • DSA-563
  • DSA-568
fedora FLSA:2137
gentoo GLSA-200410-05
mandrake MDKSA-2004:106
trustix 2004-0053
xf cyrus-sasl-saslpath(17643)
Last major update 11-10-2017 - 01:29
Published 27-01-2005 - 05:00
Last modified 11-10-2017 - 01:29
Back to Top