
Red Hat: RHSA-2004:546-02 Critical: cyrus-sasl Setuid Exploit Fix

October 7, 2004
The revised cyrus-sasl packages address the setuid vulnerability efficiently in Red Hat environments.
Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/
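
After updating, the installed build can be compared with the fixed builds this advisory lists (cyrus-sasl-1.5.24-26 for the version 2.1 releases, cyrus-sasl-2.1.15-10 for the version 3 releases). The script below is an added example, not part of the Red Hat advisory; its function names are hypothetical, the sample inputs are constructed, and the comparison is a simplified numeric one rather than rpm's own version-comparison algorithm.

```shell
#!/bin/sh
# Added example: classify a cyrus-sasl version-release string against the
# fixed builds named in RHSA-2004:546-02. Function names are hypothetical.

# evr_ge A B: succeed when A >= B, comparing the numeric fields left to right.
# Simplified stand-in for rpm's comparison; non-digit runs act as separators.
evr_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = x[i] + 0; yi = y[i] + 0      # missing fields count as 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0                                 # all fields equal
    }'
}

# fixed_for VERSION-RELEASE: print the fixed build for that major branch.
fixed_for() {
    case "$1" in
        1.*) echo "1.5.24-26" ;;   # Red Hat Enterprise Linux 2.1 releases
        2.*) echo "2.1.15-10" ;;   # Red Hat Enterprise Linux 3 releases
        *)   return 1 ;;           # branch not covered by this advisory
    esac
}

# sasl_status VERSION-RELEASE: print fixed, needs-update or unknown.
sasl_status() {
    fixed=$(fixed_for "$1") || { echo "unknown"; return 0; }
    if evr_ge "$1" "$fixed"; then echo "fixed"; else echo "needs-update"; fi
}

# On a live system the input would come from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' cyrus-sasl
# The values below are constructed samples.
for evr in 1.5.24-25 1.5.24-26 2.1.15-8 2.1.15-10; do
    printf '%s %s\n' "$evr" "$(sasl_status "$evr")"
done
```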

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

134657 - CAN-2004-0884 privilege escalation

134979 - cyrus-sasl causes crashes with ldap

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 (i386, ia64), Red Hat Linux Advanced Workstation 2.1 (ia64), Red Hat Enterprise Linux ES version 2.1 (i386), Red Hat Enterprise Linux WS version 2.1 (i386):

SRPMS: cyrus-sasl-1.5.24-26.src.rpm

Binary packages for each listed architecture: cyrus-sasl-1.5.24-26, cyrus-sasl-devel-1.5.24-26, cyrus-sasl-gssapi-1.5.24-26, cyrus-sasl-md5-1.5.24-26, cyrus-sasl-plain-1.5.24-26

Red Hat Enterprise Linux AS version 3 (i386, ia64, ppc, ppc64, s390, s390x, x86_64), Red Hat Desktop version 3 (i386, x86_64), Red Hat Enterprise Linux ES version 3 (i386, ia64, x86_64), Red Hat Enterprise Linux WS version 3 (i386, ia64, x86_64):

SRPMS: cyrus-sasl-2.1.15-10.src.rpm

Binary packages for each listed architecture: cyrus-sasl-2.1.15-10, cyrus-sasl-devel-2.1.15-10, cyrus-sasl-gssapi-2.1.15-10, cyrus-sasl-md5-2.1.15-10, cyrus-sasl-plain-2.1.15-10. The ppc64 list contains only cyrus-sasl-2.1.15-10.ppc64.rpm. The ia64 and x86_64 lists additionally include cyrus-sasl-2.1.15-10.i386.rpm, and the s390x list additionally includes cyrus-sasl-2.1.15-10.s390.rpm.

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from




Severity: Critical

Advisory ID: RHSA-2004:546-02
Issue date: 2004-10-07
Updated on: 2004-10-07
Product: Red Hat Enterprise Linux
Keywords: environment

Topic

Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available.

[Updated 7th October 2004] Revised cyrus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previous packages broke interaction with ldap.

Relevant Releases/Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
