Vulnerability Name:

CVE-2004-0884 (CCN-17643)

Assigned: 2004-10-07
Published: 2004-10-07
Updated: 2017-10-11
Summary: The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References: Source: CONFIRM
Type: UNKNOWN
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657

Source: MITRE
Type: CNA
CVE-2004-0884

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:889
Fix for buffer overflow vulnerability

Source: APPLE
Type: UNKNOWN
APPLE-SA-2005-03-21

Source: BUGTRAQ
Type: UNKNOWN
20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)

Source: CCN
Type: RHSA-2004-546
cyrus-sasl security update

Source: REDHAT
Type: UNKNOWN
RHSA-2004:546

Source: CCN
Type: CIAC Information Bulletin P-003
Updated Cyrus-SASL Packages Fix Security Flaw

Source: CIAC
Type: UNKNOWN
P-003

Source: CCN
Type: CIAC INFORMATION BULLETIN P-156
Apple Security Update 2005-003

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-563

Source: DEBIAN
Type: UNKNOWN
DSA-568

Source: DEBIAN
Type: DSA-563
cyrus-sasl -- unsanitised input

Source: DEBIAN
Type: DSA-568
cyrus-sasl-mit -- unsanitised input

Source: CCN
Type: GLSA-200410-05
Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200410-05

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:106

Source: CCN
Type: OpenPKG-SA-2005.004
SASL

Source: BID
Type: Patch, Vendor Advisory
11347

Source: CCN
Type: BID-11347
Cyrus SASL Multiple Remote And Local Vulnerabilities

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0053
Insecure handling of environment variable

Source: TRUSTIX
Type: UNKNOWN
2004-0053

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0054
Multiple security vulnerabilities

Source: FEDORA
Type: UNKNOWN
FLSA:2137

Source: XF
Type: UNKNOWN
cyrus-sasl-saslpath(17643)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11678

Source: SUSE
Type: SUSE-SA:2004:037
kernel: remote denial of service

Vulnerable Configuration: Configuration 1:
  • cpe:/a:cyrus:sasl:1.5.24:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:1.5.27:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:1.5.28:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:sasl:2.1.18_r1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10.0:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:carnegie_mellon_university:cyrus-sasl:1.4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20040884 | V | CVE-2004-0884 | 2015-11-16
    oval:org.mitre.oval:def:11678 | V | The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs. | 2013-04-29
    oval:org.debian:def:568 | V | unsanitised input | 2004-10-16
    oval:org.debian:def:563 | V | unsanitised input | 2004-10-14
    oval:com.redhat.rhsa:def:20040546 | P | RHSA-2004:546: cyrus-sasl security update (Important) | 2004-10-07
    cyrus sasl 1.5.24
    cyrus sasl 1.5.27
    cyrus sasl 1.5.28
    cyrus sasl 2.1.9
    cyrus sasl 2.1.10
    cyrus sasl 2.1.11
    cyrus sasl 2.1.12
    cyrus sasl 2.1.13
    cyrus sasl 2.1.14
    cyrus sasl 2.1.15
    cyrus sasl 2.1.16
    cyrus sasl 2.1.17
    cyrus sasl 2.1.18
    cyrus sasl 2.1.18_r1
    conectiva linux 9.0
    conectiva linux 10.0
    carnegie_mellon_university cyrus-sasl 1.4.1
    debian debian linux 3.0
    openpkg openpkg current
    gentoo linux *
    suse suse linux 8.1
    mandrakesoft mandrake linux corporate server 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    conectiva linux 9.0
    trustix secure linux 2.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    redhat enterprise linux 3
    conectiva linux 10
    openpkg openpkg 2.1
    openpkg openpkg 2.2
    redhat linux advanced workstation 2.1
    suse linux enterprise server 9
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1