OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

cyrus-sasl -- dynamic library loading and set-user-ID applications

Affected packages
cyrus-sasl <= 2.1.19p2

Details

VuXML ID 08d4fef6-2032-11d9-9fa6-00065bd5b0b6
Discovery 2004-09-22
Entry 2004-10-08

The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASL_PATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application (such as chsh) utilizes libsasl, it may be possible for a local attacker to gain superuser privileges.

References

CVE Name CAN-2004-0884
URL https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c#rev1.104

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.