Linux Security
    Linux Security
    Linux Security

    Debian: cyrus-sasl arbitrary code execution fix DSA-563-1

    Posted By
    A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.
    Debian Security Advisory DSA 563-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    October 12th, 2004             
    Package        : cyrus-sasl
    Vulnerability  : unsanitised input
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2004-0884
    Debian Bug     : 275498
    A vulnerability has been discovered in the Cyrus implementation of the
    SASL library, the Simple Authentication and Security Layer, a method
    for adding authentication support to connection-based protocols.  The
    library honors the environment variable SASL_PATH blindly, which
    allows a local user to link against a malicious library to run
    arbitrary code with the privileges of a setuid or setgid application.
    For the stable distribution (woody) this problem has been fixed in
    version 1.5.27-3woody2.
    For the unstable distribution (sid) this problem has been fixed in
    version 1.5.28-6.2 of cyrus-sasl and in version 2.1.19-1.3 of
    We recommend that you upgrade your libsasl packages.
    Upgrade Instructions
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
      Source archives:
          Size/MD5 checksum:      711 5eef2264f52bb4f3dc2a655285a889d2
          Size/MD5 checksum:    40375 35007ca458f24aedebc3a651bbb5f9d2
          Size/MD5 checksum:   528252 76ea426e2e2da3b8d2e3a43af5488f3b
      Alpha architecture:
          Size/MD5 checksum:    76260 6263d2d53f5cc606d11c372d078ffc63
          Size/MD5 checksum:    19100 8a901b0282fbd4ced40b820a961b01c0
          Size/MD5 checksum:    14944 dd2ce3541cd52e2564e829b9616cba76
          Size/MD5 checksum:   172284 759030ca07a99ac03d8243dca9c2cad1
          Size/MD5 checksum:    13414 076ea2b666ab7dd47de390829c9b59ab
      ARM architecture:
          Size/MD5 checksum:    70148 e4d6ea105d776178620d7b12c4a0896a
          Size/MD5 checksum:    15040 9691c34f18d88e24037dcbb1606156e9
          Size/MD5 checksum:    12452 e42407c240af8914be263deda7790cb0
          Size/MD5 checksum:   165868 4091e9262e8603612c1a3515f907fd6b
          Size/MD5 checksum:    10850 22d3bd0b8a64cf6b907ca268b55cb80d
      Intel IA-32 architecture:
          Size/MD5 checksum:    65256 a56f4a88b5ff92ce7928cb73729044fd
          Size/MD5 checksum:    13296 0b9d7f91fb9b0216098dc79b74530add
          Size/MD5 checksum:    11750 ceaeb52a01badb855be07fa38cd90c4b
          Size/MD5 checksum:   162842 e2ef2c121fe75a17a88494f405d57d1f
          Size/MD5 checksum:    11072 cbaca72bbc2c11ccb0958779aafccb27
      Intel IA-64 architecture:
          Size/MD5 checksum:    83800 2bafe3b35b0a800bbfdfa25e9ba05626
          Size/MD5 checksum:    23256 694e474ab24f799be51dc7b827485155
          Size/MD5 checksum:    19966 447a20a3ec15457d9d182b8d15fba107
          Size/MD5 checksum:   180928 29db43ba600016cc26f5c28b66b48129
          Size/MD5 checksum:    14244 b1a996ee1e45cb4ce07c49a7ca3239f4
      HP Precision architecture:
          Size/MD5 checksum:    75330 539739f38e9df2a1d98e3c8a4b919c93
          Size/MD5 checksum:    18276 f637c0ba4d1a980522d689d95c3e5f52
          Size/MD5 checksum:    15466 765faa8bd3222b259409620695f756c2
          Size/MD5 checksum:   171192 c1e2a288952027c4fe36027ef3e25814
          Size/MD5 checksum:    11896 7c49f1a0b18736ddfc36bf1fe1fd8fe2
      Motorola 680x0 architecture:
          Size/MD5 checksum:    64718 08575afaa5f06373430ed88363ea9d9c
          Size/MD5 checksum:    13106 d9effd93aafe1d64d051dd505fd81205
          Size/MD5 checksum:    11804 d9f844e778ad38b914763f3bc0fff271
          Size/MD5 checksum:   162794 7e1099ca5b9e95d79fe78a0c08dc20c9
          Size/MD5 checksum:    10904 8c168b1b1cfb5ef518c5d5b94e598735
      Big endian MIPS architecture:
          Size/MD5 checksum:    72944 7b48f9446b52903db6cbb2b587443978
          Size/MD5 checksum:    15948 5e8b18a3f2754141dcfc47ff66f249ba
          Size/MD5 checksum:    13358 0addb00d92b722e98d7b638a1bcdd014
          Size/MD5 checksum:   165754 784ab3d57bc8ede3d2b9fc39bc331feb
          Size/MD5 checksum:    11318 71458695f44db43e0f7dc3144d830058
      Little endian MIPS architecture:
          Size/MD5 checksum:    72950 c98752eaa324fb9973258405612e0562
          Size/MD5 checksum:    16258 283370df7b1d07759a777b3d8ebcd0f3
          Size/MD5 checksum:    13294 c61ffee37b2ef8a5f233256130f2af90
          Size/MD5 checksum:   165860 9755232aa1196026a472e76e88b88014
          Size/MD5 checksum:    11280 7eb3f91142eca523b099f97c2aafa2fc
      PowerPC architecture:
          Size/MD5 checksum:    70900 b070433e505918201f62ecb8e62461d3
          Size/MD5 checksum:    16072 674eb86793fcb12f4f895779a79abe98
          Size/MD5 checksum:    13468 eefdd31622950d66417a02e2214ed704
          Size/MD5 checksum:   166530 75a19abd63c5b2edca78d67966f4a107
          Size/MD5 checksum:    11006 77e102f433fa91ac2a8473c306d8ebdf
      IBM S/390 architecture:
          Size/MD5 checksum:    67032 dba4e8ca165f387430fff29471bb4093
          Size/MD5 checksum:    14410 f8020d1b2b062b61e36201cc90e2d0ac
          Size/MD5 checksum:    12396 d0a61b7158cde509d891323f17fc852a
          Size/MD5 checksum:   165350 683724f4a92ee3505961d5b153cad8d0
          Size/MD5 checksum:    11620 8492059c9319b780be7dcaf37aac2734
      Sun Sparc architecture:
          Size/MD5 checksum:    68274 83cb5d714911812ca01596859a7b06f8
          Size/MD5 checksum:    14808 03883df35a2f693ad3a367170c2e3641
          Size/MD5 checksum:    11904 b087e74b56cee1f858897df5e18034e5
          Size/MD5 checksum:   164808 44d4a0fdf7dd6aa6da1fe108d24710ee
          Size/MD5 checksum:    13554 174b14213eef7c94388ba08b54062e12
      These files will probably be moved into the stable distribution on
      its next update.
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.