CVE-2004-0884
Publication date 27 January 2005
Last updated 24 July 2024
Ubuntu priority
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
Status
Package | Ubuntu Release | Status |
---|---|---|
cyrus-sasl2 | 7.04 feisty |
Fixed 2.1.19.dfsg1-0.1ubuntu2
|
6.10 edgy |
Fixed 2.1.19.dfsg1-0.1ubuntu2
|
|
6.06 LTS dapper |
Fixed 2.1.19.dfsg1-0.1ubuntu2
|
|
cyrus-sasl2-heimdal | 7.04 feisty | Not in release |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
cyrus-sasl2-mit | 7.04 feisty |
Fixed 2.1.19-2
|
6.10 edgy |
Fixed 2.1.19-2
|
|
6.06 LTS dapper |
Fixed 2.1.19-2
|