--------------------------------------------------------------------------
Debian Security Advisory DSA 563-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
October 12th, 2004                       Debian -- Debian security FAQ 
--------------------------------------------------------------------------

Package        : cyrus-sasl
Vulnerability  : unsanitised input
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0884
Debian Bug     : 275498

A vulnerability has been discovered in the Cyrus implementation of the
SASL library, the Simple Authentication and Security Layer, a method
for adding authentication support to connection-based protocols.  The
library honors the environment variable SASL_PATH blindly, which
allows a local user to link against a malicious library to run
arbitrary code with the privileges of a setuid or setgid application.

For the stable distribution (woody) this problem has been fixed in
version 1.5.27-3woody2.

For the unstable distribution (sid) this problem has been fixed in
version 1.5.28-6.2 of cyrus-sasl and in version 2.1.19-1.3 of
cyrus-sasl2.

We recommend that you upgrade your libsasl packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

      
      Size/MD5 checksum:      711 5eef2264f52bb4f3dc2a655285a889d2
      
      Size/MD5 checksum:    40375 35007ca458f24aedebc3a651bbb5f9d2
      
      Size/MD5 checksum:   528252 76ea426e2e2da3b8d2e3a43af5488f3b

  Alpha architecture:

      
      Size/MD5 checksum:    76260 6263d2d53f5cc606d11c372d078ffc63
      
      Size/MD5 checksum:    19100 8a901b0282fbd4ced40b820a961b01c0
      
      Size/MD5 checksum:    14944 dd2ce3541cd52e2564e829b9616cba76
      
      Size/MD5 checksum:   172284 759030ca07a99ac03d8243dca9c2cad1
      
      Size/MD5 checksum:    13414 076ea2b666ab7dd47de390829c9b59ab

  ARM architecture:

      
      Size/MD5 checksum:    70148 e4d6ea105d776178620d7b12c4a0896a
      
      Size/MD5 checksum:    15040 9691c34f18d88e24037dcbb1606156e9
      
      Size/MD5 checksum:    12452 e42407c240af8914be263deda7790cb0
      
      Size/MD5 checksum:   165868 4091e9262e8603612c1a3515f907fd6b
      
      Size/MD5 checksum:    10850 22d3bd0b8a64cf6b907ca268b55cb80d

  Intel IA-32 architecture:

      
      Size/MD5 checksum:    65256 a56f4a88b5ff92ce7928cb73729044fd
      
      Size/MD5 checksum:    13296 0b9d7f91fb9b0216098dc79b74530add
      
      Size/MD5 checksum:    11750 ceaeb52a01badb855be07fa38cd90c4b
      
      Size/MD5 checksum:   162842 e2ef2c121fe75a17a88494f405d57d1f
      
      Size/MD5 checksum:    11072 cbaca72bbc2c11ccb0958779aafccb27

  Intel IA-64 architecture:

      
      Size/MD5 checksum:    83800 2bafe3b35b0a800bbfdfa25e9ba05626
      
      Size/MD5 checksum:    23256 694e474ab24f799be51dc7b827485155
      
      Size/MD5 checksum:    19966 447a20a3ec15457d9d182b8d15fba107
      
      Size/MD5 checksum:   180928 29db43ba600016cc26f5c28b66b48129
      
      Size/MD5 checksum:    14244 b1a996ee1e45cb4ce07c49a7ca3239f4

  HP Precision architecture:

      
      Size/MD5 checksum:    75330 539739f38e9df2a1d98e3c8a4b919c93
      
      Size/MD5 checksum:    18276 f637c0ba4d1a980522d689d95c3e5f52
      
      Size/MD5 checksum:    15466 765faa8bd3222b259409620695f756c2
      
      Size/MD5 checksum:   171192 c1e2a288952027c4fe36027ef3e25814
      
      Size/MD5 checksum:    11896 7c49f1a0b18736ddfc36bf1fe1fd8fe2

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:    64718 08575afaa5f06373430ed88363ea9d9c
      
      Size/MD5 checksum:    13106 d9effd93aafe1d64d051dd505fd81205
      
      Size/MD5 checksum:    11804 d9f844e778ad38b914763f3bc0fff271
      
      Size/MD5 checksum:   162794 7e1099ca5b9e95d79fe78a0c08dc20c9
      
      Size/MD5 checksum:    10904 8c168b1b1cfb5ef518c5d5b94e598735

  Big endian MIPS architecture:

      
      Size/MD5 checksum:    72944 7b48f9446b52903db6cbb2b587443978
      
      Size/MD5 checksum:    15948 5e8b18a3f2754141dcfc47ff66f249ba
      
      Size/MD5 checksum:    13358 0addb00d92b722e98d7b638a1bcdd014
      
      Size/MD5 checksum:   165754 784ab3d57bc8ede3d2b9fc39bc331feb
      
      Size/MD5 checksum:    11318 71458695f44db43e0f7dc3144d830058

  Little endian MIPS architecture:

      
      Size/MD5 checksum:    72950 c98752eaa324fb9973258405612e0562
      
      Size/MD5 checksum:    16258 283370df7b1d07759a777b3d8ebcd0f3
      
      Size/MD5 checksum:    13294 c61ffee37b2ef8a5f233256130f2af90
      
      Size/MD5 checksum:   165860 9755232aa1196026a472e76e88b88014
      
      Size/MD5 checksum:    11280 7eb3f91142eca523b099f97c2aafa2fc

  PowerPC architecture:

      
      Size/MD5 checksum:    70900 b070433e505918201f62ecb8e62461d3
      
      Size/MD5 checksum:    16072 674eb86793fcb12f4f895779a79abe98
      
      Size/MD5 checksum:    13468 eefdd31622950d66417a02e2214ed704
      
      Size/MD5 checksum:   166530 75a19abd63c5b2edca78d67966f4a107
      
      Size/MD5 checksum:    11006 77e102f433fa91ac2a8473c306d8ebdf

  IBM S/390 architecture:

      
      Size/MD5 checksum:    67032 dba4e8ca165f387430fff29471bb4093
      
      Size/MD5 checksum:    14410 f8020d1b2b062b61e36201cc90e2d0ac
      
      Size/MD5 checksum:    12396 d0a61b7158cde509d891323f17fc852a
      
      Size/MD5 checksum:   165350 683724f4a92ee3505961d5b153cad8d0
      
      Size/MD5 checksum:    11620 8492059c9319b780be7dcaf37aac2734

  Sun Sparc architecture:

      
      Size/MD5 checksum:    68274 83cb5d714911812ca01596859a7b06f8
      
      Size/MD5 checksum:    14808 03883df35a2f693ad3a367170c2e3641
      
      Size/MD5 checksum:    11904 b087e74b56cee1f858897df5e18034e5
      
      Size/MD5 checksum:   164808 44d4a0fdf7dd6aa6da1fe108d24710ee
      
      Size/MD5 checksum:    13554 174b14213eef7c94388ba08b54062e12


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: cyrus-sasl arbitrary code execution fix DSA-563-1

October 12, 2004
A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to con...

Summary

A vulnerability has been discovered in the Cyrus implementation of the
SASL library, the Simple Authentication and Security Layer, a method
for adding authentication support to connection-based protocols. The
library honors the environment variable SASL_PATH blindly, which
allows a local user to link against a malicious library to run
arbitrary code with the privileges of a setuid or setgid application.

For the stable distribution (woody) this problem has been fixed in
version 1.5.27-3woody2.

For the unstable distribution (sid) this problem has been fixed in
version 1.5.28-6.2 of cyrus-sasl and in version 2.1.19-1.3 of
cyrus-sasl2.

We recommend that you upgrade your libsasl packages.


Upgrade Instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

Source archives:


Size/MD5 checksum: 711 5eef2264f52bb4f3dc2a655285a889d2

Size/MD5 checksum: 40375 35007ca458f24aedebc3a651bbb5f9d2

Size/MD5 checksum: 528252 76ea426e2e2da3b8d2e3a43af5488f3b

Alpha architecture:


Size/MD5 checksum: 76260 6263d2d53f5cc606d11c372d078ffc63

Size/MD5 checksum: 19100 8a901b0282fbd4ced40b820a961b01c0

Size/MD5 checksum: 14944 dd2ce3541cd52e2564e829b9616cba76

Size/MD5 checksum: 172284 759030ca07a99ac03d8243dca9c2cad1

Size/MD5 checksum: 13414 076ea2b666ab7dd47de390829c9b59ab

ARM architecture:


Size/MD5 checksum: 70148 e4d6ea105d776178620d7b12c4a0896a

Size/MD5 checksum: 15040 9691c34f18d88e24037dcbb1606156e9

Size/MD5 checksum: 12452 e42407c240af8914be263deda7790cb0

Size/MD5 checksum: 165868 4091e9262e8603612c1a3515f907fd6b

Size/MD5 checksum: 10850 22d3bd0b8a64cf6b907ca268b55cb80d

Intel IA-32 architecture:


Size/MD5 checksum: 65256 a56f4a88b5ff92ce7928cb73729044fd

Size/MD5 checksum: 13296 0b9d7f91fb9b0216098dc79b74530add

Size/MD5 checksum: 11750 ceaeb52a01badb855be07fa38cd90c4b

Size/MD5 checksum: 162842 e2ef2c121fe75a17a88494f405d57d1f

Size/MD5 checksum: 11072 cbaca72bbc2c11ccb0958779aafccb27

Intel IA-64 architecture:


Size/MD5 checksum: 83800 2bafe3b35b0a800bbfdfa25e9ba05626

Size/MD5 checksum: 23256 694e474ab24f799be51dc7b827485155

Size/MD5 checksum: 19966 447a20a3ec15457d9d182b8d15fba107

Size/MD5 checksum: 180928 29db43ba600016cc26f5c28b66b48129

Size/MD5 checksum: 14244 b1a996ee1e45cb4ce07c49a7ca3239f4

HP Precision architecture:


Size/MD5 checksum: 75330 539739f38e9df2a1d98e3c8a4b919c93

Size/MD5 checksum: 18276 f637c0ba4d1a980522d689d95c3e5f52

Size/MD5 checksum: 15466 765faa8bd3222b259409620695f756c2

Size/MD5 checksum: 171192 c1e2a288952027c4fe36027ef3e25814

Size/MD5 checksum: 11896 7c49f1a0b18736ddfc36bf1fe1fd8fe2

Motorola 680x0 architecture:


Size/MD5 checksum: 64718 08575afaa5f06373430ed88363ea9d9c

Size/MD5 checksum: 13106 d9effd93aafe1d64d051dd505fd81205

Size/MD5 checksum: 11804 d9f844e778ad38b914763f3bc0fff271

Size/MD5 checksum: 162794 7e1099ca5b9e95d79fe78a0c08dc20c9

Size/MD5 checksum: 10904 8c168b1b1cfb5ef518c5d5b94e598735

Big endian MIPS architecture:


Size/MD5 checksum: 72944 7b48f9446b52903db6cbb2b587443978

Size/MD5 checksum: 15948 5e8b18a3f2754141dcfc47ff66f249ba

Size/MD5 checksum: 13358 0addb00d92b722e98d7b638a1bcdd014

Size/MD5 checksum: 165754 784ab3d57bc8ede3d2b9fc39bc331feb

Size/MD5 checksum: 11318 71458695f44db43e0f7dc3144d830058

Little endian MIPS architecture:


Size/MD5 checksum: 72950 c98752eaa324fb9973258405612e0562

Size/MD5 checksum: 16258 283370df7b1d07759a777b3d8ebcd0f3

Size/MD5 checksum: 13294 c61ffee37b2ef8a5f233256130f2af90

Size/MD5 checksum: 165860 9755232aa1196026a472e76e88b88014

Size/MD5 checksum: 11280 7eb3f91142eca523b099f97c2aafa2fc

PowerPC architecture:


Size/MD5 checksum: 70900 b070433e505918201f62ecb8e62461d3

Size/MD5 checksum: 16072 674eb86793fcb12f4f895779a79abe98

Size/MD5 checksum: 13468 eefdd31622950d66417a02e2214ed704

Size/MD5 checksum: 166530 75a19abd63c5b2edca78d67966f4a107

Size/MD5 checksum: 11006 77e102f433fa91ac2a8473c306d8ebdf

IBM S/390 architecture:


Size/MD5 checksum: 67032 dba4e8ca165f387430fff29471bb4093

Size/MD5 checksum: 14410 f8020d1b2b062b61e36201cc90e2d0ac

Size/MD5 checksum: 12396 d0a61b7158cde509d891323f17fc852a

Size/MD5 checksum: 165350 683724f4a92ee3505961d5b153cad8d0

Size/MD5 checksum: 11620 8492059c9319b780be7dcaf37aac2734

Sun Sparc architecture:


Size/MD5 checksum: 68274 83cb5d714911812ca01596859a7b06f8

Size/MD5 checksum: 14808 03883df35a2f693ad3a367170c2e3641

Size/MD5 checksum: 11904 b087e74b56cee1f858897df5e18034e5

Size/MD5 checksum: 164808 44d4a0fdf7dd6aa6da1fe108d24710ee

Size/MD5 checksum: 13554 174b14213eef7c94388ba08b54062e12


These files will probably be moved into the stable distribution on
its next update.

Severity
Package : cyrus-sasl
Vulnerability : unsanitised input
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0884
Debian Bug : 275498

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved