Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2004-0884

Published: 27 January 2005

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

Priority

Unknown

Status

Package Release Status
cyrus-sasl2
Launchpad, Ubuntu, Debian 		dapper
Released (2.1.19.dfsg1-0.1ubuntu2)
edgy
Released (2.1.19.dfsg1-0.1ubuntu2)
feisty
Released (2.1.19.dfsg1-0.1ubuntu2)
upstream Needs triage

gutsy
Released (2.1.19.dfsg1-0.1ubuntu2)
cyrus-sasl2-mit
Launchpad, Ubuntu, Debian 		dapper
Released (2.1.19-2)
edgy
Released (2.1.19-2)
feisty
Released (2.1.19-2)
upstream Needs triage

gutsy Does not exist

cyrus-sasl2-heimdal
Launchpad, Ubuntu, Debian 		dapper Does not exist

edgy Does not exist

feisty Does not exist

upstream Needs triage

gutsy
Released (2.1.22.dfsg1-12)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading