CVE-2004-0884

Current Description

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

Basic Data

PublishedJanuary 27, 2005
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.2
SeverityHIGH
Exploitability Score3.9
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCyrusSasl1.5.24*******
    2.3ApplicationCyrusSasl1.5.27*******
    2.3ApplicationCyrusSasl1.5.28*******
    2.3ApplicationCyrusSasl2.1.9*******
    2.3ApplicationCyrusSasl2.1.10*******
    2.3ApplicationCyrusSasl2.1.11*******
    2.3ApplicationCyrusSasl2.1.12*******
    2.3ApplicationCyrusSasl2.1.13*******
    2.3ApplicationCyrusSasl2.1.14*******
    2.3ApplicationCyrusSasl2.1.15*******
    2.3ApplicationCyrusSasl2.1.16*******
    2.3ApplicationCyrusSasl2.1.17*******
    2.3ApplicationCyrusSasl2.1.18*******
    2.3ApplicationCyrusSasl2.1.18_r1*******
    2.3OSConectivaLinux9.0*******
    2.3OSConectivaLinux10.0*******

Vulnerable Software List

VendorProductVersions
Cyrus Sasl 1.5.24, 1.5.27, 1.5.28, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.1.18_r1, 2.1.9
Conectiva Linux 10.0, 9.0

References

NameSourceURLTags
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657CONFIRM
APPLE-SA-2005-03-21http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.htmlAPPLE
20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)http://marc.info/?l=bugtraq&m=110693126007214&w=2BUGTRAQ
RHSA-2004:546http://rhn.redhat.com/errata/RHSA-2004-546.htmlREDHAT
P-003http://www.ciac.org/ciac/bulletins/p-003.shtmlCIAC
DSA-563http://www.debian.org/security/2004/dsa-563DEBIANPatch Vendor Advisory
DSA-568http://www.debian.org/security/2004/dsa-568DEBIAN
GLSA-200410-05http://www.gentoo.org/security/en/glsa/glsa-200410-05.xmlGENTOO
MDKSA-2004:106http://www.mandriva.com/security/advisories?name=MDKSA-2004:106MANDRAKE
11347http://www.securityfocus.com/bid/11347BIDPatch Vendor Advisory
2004-0053http://www.trustix.net/errata/2004/0053/TRUSTIX
FLSA:2137https://bugzilla.fedora.us/show_bug.cgi?id=2137FEDORA
cyrus-sasl-saslpath(17643)https://exchange.xforce.ibmcloud.com/vulnerabilities/17643XF
oval:org.mitre.oval:def:11678https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678OVAL