CVE-2004-0884
Published: 27 January 2005
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
Priority
Status
Package | Release | Status |
---|---|---|
cyrus-sasl2 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.1.19.dfsg1-0.1ubuntu2)
|
edgy |
Released
(2.1.19.dfsg1-0.1ubuntu2)
|
|
feisty |
Released
(2.1.19.dfsg1-0.1ubuntu2)
|
|
upstream |
Needs triage
|
|
gutsy |
Released
(2.1.19.dfsg1-0.1ubuntu2)
|
|
cyrus-sasl2-mit Launchpad, Ubuntu, Debian |
dapper |
Released
(2.1.19-2)
|
edgy |
Released
(2.1.19-2)
|
|
feisty |
Released
(2.1.19-2)
|
|
upstream |
Needs triage
|
|
gutsy |
Does not exist
|
|
cyrus-sasl2-heimdal Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
gutsy |
Released
(2.1.22.dfsg1-12)
|