Vulnerability in Conectiva Linux

CVE-2004-0884

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to poin…

EPSS: 0.005 (39.1th percentile) — read the EPSS interpretation.

Affected products

Conectiva Linux — versions 9.0, 10.0
Cyrus Sasl — versions 1.5.24, 1.5.27, 1.5.28
N/a — versions n/a

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (vendor-advisory, x_refsource_TRUSTIX)
cve@mitre.org (government-resource, x_refsource_CIAC, third-party-advisory)
cve@mitre.org (vendor-advisory, x_refsource_MANDRAKE)
cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_FEDORA, vendor-advisory)
cve@mitre.org (vendor-advisory, Patch, x_refsource_DEBIAN, Vendor Advisory)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_OVAL, signature, vdb-entry)