
Fedora Core 2: 2004-331 Critical: cyrus-sasl Local Code Execution

fedora
October 8, 2004
Vital Fedora patch tackles security flaws that could enable local users to run unauthorized commands.

Summary

The cyrus-sasl package contains the Cyrus implementation of SASL.

SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.

Update Information:

At application startup, libsasl and libsasl2 attempt to build a list of all SASL plug-ins which are available on the system. To do so, the libraries search for and attempt to load every shared library found within the plug-in directory. This location can be set with the SASL_PATH environment variable.

In situations where an untrusted local user can affect the environment of a privileged process, this behavior could be exploited to run arbitrary code with the privileges of a setuid or setgid application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0884 to this issue.

Users of cyrus-sasl should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.
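The defensive pattern for this class of bug, as an added example (it is not the Red Hat patch or Cyrus SASL source): a library decides whether to honour SASL_PATH by checking whether the process runs with elevated privileges. `DEFAULT_PLUGIN_DIR` and the function names are hypothetical, and treating the variable as a colon-separated list and rejecting non-absolute components are assumptions that go beyond what the advisory states.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical compiled-in plug-in directory (assumption, not from the advisory). */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* Real and effective IDs differ when a setuid or setgid program is
 * started by another user: the environment then belongs to the caller. */
static int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Pure policy function, testable without setuid bits.
 * The override is honoured only for unprivileged processes, and (extra
 * check, an assumption) only when every colon-separated component is an
 * absolute path, so nothing is loaded relative to the working directory. */
static const char *choose_plugin_path(const char *env_value, int privileged)
{
    const char *p = env_value;

    if (privileged || env_value == NULL || env_value[0] == '\0')
        return DEFAULT_PLUGIN_DIR;
    while (p != NULL) {
        if (*p != '/')              /* relative or empty component */
            return DEFAULT_PLUGIN_DIR;
        p = strchr(p, ':');
        if (p != NULL)
            p++;                    /* step past the separator */
    }
    return env_value;
}

/* What a plug-in loader would call before scanning for shared libraries. */
static const char *plugin_search_path(void)
{
    int privileged = ids_differ(getuid(), geteuid(), getgid(), getegid());
    return choose_plugin_path(getenv("SASL_PATH"), privileged);
}

int main(void)
{
    printf("plug-in search path: %s\n", plugin_search_path());
    return 0;
}
```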


* Thu Oct 07 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.18-2.2

- use notting's fix for incorrect patch for CAN-2004-0884 for 1.5.28

* Thu Oct 07 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.18-2.1

- don't trust the environme...

References

Fedora Update Notification FEDORA-2004-331 2004-10-08
Product: Fedora Core 2
Name: cyrus-sasl
Version: 2.1.18
Release: 2.2
Summary: The Cyrus SASL library.
Description: The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.


Severity: critical

