CVE-2004-0884
Published 2005-01-27
Priority P422 · high · 7.2 · CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.51% (39.4th percentile)
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| conectiva | linux | — | — |
| conectiva | linux | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| cyrus | sasl | — | — |
| debian | cyrus-sasl2 | < cyrus-sasl2 2.1.19-1.3 (bookworm) | cyrus-sasl2 2.1.19-1.3 (bookworm) |
CVSS provenance
nvd · v2.0 · 7.2 HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
osv · 7.2 HIGH
vendor_debian · 7.2 HIGH
vendor_redhat · 7.2 HIGH
Red Hat
security flaw
vendor_redhat·2004-10-07·CVSS 7.2
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
Debian
CVE-2004-0884: cyrus-sasl2 - The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trus...
vendor_debian·2004·CVSS 7.2
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
Scope: local
bookworm: resolved (fixed in 2.1.19-1.3)
bullseye: resolved (fixed in 2.1.19-1.3)
forky: resolved (fixed in 2.1.19-1.3)
sid: resolved (fixed in 2.1.19-1.3)
trixie: resolved (fixed in 2.1.19-1.3)
GHSA
GHSA-pggp-j979-w3jj: The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2
ghsa_unreviewed·2022-04-29
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
OSV
CVE-2004-0884: The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2
osv·2005-01-27·CVSS 7.2
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
No detection rules found.
No public exploits indexed.
References
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
http://marc.info/?l=bugtraq&m=110693126007214&w=2
http://rhn.redhat.com/errata/RHSA-2004-546.html
http://www.ciac.org/ciac/bulletins/p-003.shtml
http://www.debian.org/security/2004/dsa-563
http://www.debian.org/security/2004/dsa-568
http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:106
http://www.securityfocus.com/bid/11347
http://www.trustix.net/errata/2004/0053/
https://bugzilla.fedora.us/show_bug.cgi?id=2137
https://exchange.xforce.ibmcloud.com/vulnerabilities/17643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678
Published: 2005-01-27