PublicDate: 2005-01-27 05:00:00 UTC
Candidate: CVE-2004-0884
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0884
Description:
 The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier
 trust the SASL_PATH environment variable to find all available SASL
 plug-ins, which allows local users to execute arbitrary code by modifying
 the SASL_PATH to point to malicious programs.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_cyrus-sasl2: released (2.1.19.dfsg1-0.1ubuntu2)
edgy_cyrus-sasl2: released (2.1.19.dfsg1-0.1ubuntu2)
feisty_cyrus-sasl2: released (2.1.19.dfsg1-0.1ubuntu2)
devel_cyrus-sasl2: released (2.1.19.dfsg1-0.1ubuntu2)
dapper_cyrus-sasl2-mit: released (2.1.19-2)
edgy_cyrus-sasl2-mit: released (2.1.19-2)
feisty_cyrus-sasl2-mit: released (2.1.19-2)
devel_cyrus-sasl2-mit: DNE
dapper_cyrus-sasl2-heimdal: DNE
edgy_cyrus-sasl2-heimdal: DNE
feisty_cyrus-sasl2-heimdal: DNE
devel_cyrus-sasl2-heimdal: released (2.1.22.dfsg1-12)
upstream_cyrus-sasl2: needs-triage
upstream_cyrus-sasl2-heimdal: needs-triage
upstream_cyrus-sasl2-mit: needs-triage