CVE-2004-0884
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
Related bugs and status
CVE-2004-0884 (Candidate) is related to these bugs:
Bug #8636: libsasl2: re-entrance when used with libnss-ldap
Bug | Summary | In | Importance | Status
---|---|---|---|---
8636 | libsasl2: re-entrance when used with libnss-ldap | cyrus-sasl2 (Ubuntu) | Medium | Fix Released
8636 | libsasl2: re-entrance when used with libnss-ldap | cyrus-sasl2 (Debian) | Unknown | Fix Released
Bug #8883: cyrus-sasl2: Local privilege escalation on setuid environment (CAN-2004-0884)
Bug | Summary | In | Importance | Status
---|---|---|---|---
8883 | cyrus-sasl2: Local privilege escalation on setuid environment (CAN-2004-0884) | cyrus-sasl2 (Ubuntu) | High | Fix Released
8883 | cyrus-sasl2: Local privilege escalation on setuid environment (CAN-2004-0884) | cyrus-sasl2 (Debian) | Unknown | Fix Released
Bug #9127: fixed cyrus packages break sendmail
Bug | Summary | In | Importance | Status
---|---|---|---|---
9127 | fixed cyrus packages break sendmail | cyrus-sasl2 (Ubuntu) | Medium | Invalid
9127 | fixed cyrus packages break sendmail | cyrus-sasl2 (Debian) | Unknown | Fix Released
Bug #10608: cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13
Bug | Summary | In | Importance | Status
---|---|---|---|---
10608 | cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13 | cyrus21-imapd (Ubuntu) | High | Fix Released
10608 | cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13 | cyrus21-imapd (Debian) | Unknown | Fix Released
Bug #15288: cyrus-sasl2: FTBFS (amd64/gcc-4.0): static declaration of 'global_callbacks' follows non-static declaration
Bug | Summary | In | Importance | Status
---|---|---|---|---
15288 | cyrus-sasl2: FTBFS (amd64/gcc-4.0): static declaration of 'global_callbacks' follows non-static declaration | Ubuntu | High | Fix Released
15288 | cyrus-sasl2: FTBFS (amd64/gcc-4.0): static declaration of 'global_callbacks' follows non-static declaration | Debian | Unknown | Fix Released
Bug #23446: FTBFS: Syntax error before MD5_CTX
Bug | Summary | In | Importance | Status
---|---|---|---|---
23446 | FTBFS: Syntax error before MD5_CTX | cyrus-sasl2 (Ubuntu) | High | Fix Released
23446 | FTBFS: Syntax error before MD5_CTX | cyrus-sasl2 (Debian) | Unknown | Fix Released
See the CVE page on Mitre.org for more details.