The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and previous versions trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
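The difference between trusting the variable and gating it, as an added C example that is not code from Cyrus-SASL or from this page. The function names and the default directory `/usr/lib/sasl2` are assumptions made for illustration; the hardened form ignores `SASL_PATH` whenever the process runs with more privilege than the invoking user.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed compiled-in plug-in directory; not taken from the page. */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* Pattern the advisory describes: the environment value is used as-is. */
const char *plugin_path_trusting(const char *env_value) {
    return (env_value && *env_value) ? env_value : DEFAULT_PLUGIN_DIR;
}

/* True when the process runs with more privilege than the invoking user. */
int process_is_privileged(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Every colon-separated entry must be an absolute path (no empty or
 * relative entries, which would resolve against the working directory). */
static int all_entries_absolute(const char *path) {
    for (const char *p = path; *p; ) {
        if (*p != '/') return 0;
        const char *colon = strchr(p, ':');
        if (!colon) break;
        p = colon + 1;
        if (!*p) return 0;   /* trailing colon leaves an empty entry */
    }
    return 1;
}

/* Hardened form: ignore the variable in privileged processes and
 * fall back to the default for malformed values. */
const char *plugin_path_hardened(const char *env_value, int privileged) {
    if (privileged || !env_value || !*env_value) return DEFAULT_PLUGIN_DIR;
    return all_entries_absolute(env_value) ? env_value : DEFAULT_PLUGIN_DIR;
}

int main(void) {
    const char *env = getenv("SASL_PATH");
    printf("trusting: %s\n", plugin_path_trusting(env));
    printf("hardened: %s\n", plugin_path_hardened(env, process_is_privileged()));
    return 0;
}
```

On glibc, `secure_getenv()` applies a comparable privilege check at the point where the variable is read.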
Vulnerable Product |
---|
cyrus sasl 2.1.10 |
cyrus sasl 2.1.11 |
cyrus sasl 2.1.18 |
cyrus sasl 2.1.18_r1 |
cyrus sasl 2.1.9 |
cyrus sasl 2.1.12 |
cyrus sasl 2.1.13 |
conectiva linux 10.0 |
conectiva linux 9.0 |
cyrus sasl 1.5.24 |
cyrus sasl 2.1.14 |
cyrus sasl 2.1.15 |
cyrus sasl 1.5.27 |
cyrus sasl 1.5.28 |
cyrus sasl 2.1.16 |
cyrus sasl 2.1.17 |