
CVE-2004-0884

Published: 27/01/2005 Updated: 11/10/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and previous versions trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

Vulnerable Product

cyrus sasl 2.1.10

cyrus sasl 2.1.11

cyrus sasl 2.1.18

cyrus sasl 2.1.18_r1

cyrus sasl 2.1.9

cyrus sasl 2.1.12

cyrus sasl 2.1.13

conectiva linux 10.0

conectiva linux 9.0

cyrus sasl 1.5.24

cyrus sasl 2.1.14

cyrus sasl 2.1.15

cyrus sasl 1.5.27

cyrus sasl 1.5.28

cyrus sasl 2.1.16

cyrus sasl 2.1.17

Vendor Advisories

Synopsis: cyrus-sasl security update
Type/Severity: Security Advisory: Important
Topic: Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available. [Updated 7th October 2004] Revised cyrus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previ ...

A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary cod ...
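
The summary and advisories above describe a library that takes its plug-in search path from SASL_PATH even when it is loaded by a setuid or setgid application. The following C code is an added example, not Cyrus-SASL's code or its actual patch, showing the defensive pattern for that class of bug: a caller-controlled path variable is ignored whenever the process holds privileges the invoking user lacks. The function names and `DEFAULT_PLUGIN_DIR` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder compiled-in plug-in directory (assumption, not from the page). */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* True when real and effective IDs differ, i.e. a setuid/setgid program. */
static int is_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* True when every colon-separated entry is a non-empty absolute path. */
static int all_entries_absolute(const char *list)
{
    const char *p = list;
    for (;;) {
        if (*p != '/')
            return 0;               /* empty or relative entry */
        const char *colon = strchr(p, ':');
        if (colon == NULL)
            return 1;               /* last entry was absolute */
        p = colon + 1;
    }
}

/* Pure decision function: which search path may the loader use? */
const char *choose_plugin_path(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                               const char *env_value)
{
    if (env_value == NULL)
        return DEFAULT_PLUGIN_DIR;
    if (is_privileged(ruid, euid, rgid, egid))
        return DEFAULT_PLUGIN_DIR;  /* never trust the caller's environment */
    if (!all_entries_absolute(env_value))
        return DEFAULT_PLUGIN_DIR;  /* reject relative search entries */
    return env_value;
}

/* Wrapper a library would call before scanning for plug-ins. */
const char *plugin_search_path(void)
{
    return choose_plugin_path(getuid(), geteuid(), getgid(), getegid(),
                              getenv("SASL_PATH"));
}
```

Comparing real and effective IDs does not cover every way a process can gain privilege; on glibc, `secure_getenv()` applies the loader's own secure-execution check and returns NULL for the variable in those cases.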