Oval Definition:	oval:org.mitre.oval:def:11678
Revision Date: 2013-04-29 Version: 11 Title: The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs. Description: The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2004-0884 Platform(s): CentOS Linux 3 Red Hat Enterprise Linux 3 Product(s): Definition Synopsis RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 OR CentOS Linux 3.x AND Configuration section cyrus-sasl-plain is earlier than 0:2.1.15-10 OR cyrus-sasl-md5 is earlier than 0:2.1.15-10 OR cyrus-sasl-gssapi is earlier than 0:2.1.15-10 OR cyrus-sasl-devel is earlier than 0:2.1.15-10 OR cyrus-sasl is earlier than 0:2.1.15-10
BACK