FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cyrus-sasl -- dynamic library loading and set-user-ID applications

Affected packages
cyrus-sasl <= 1.5.28_3
2.* <= cyrus-sasl <= 2.1.19

Details

VuXML ID 92268205-1947-11d9-bc4a-000c41e2cdad
Discovery 2004-09-22
Entry 2004-10-08

The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASL_PATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application (such as chsh) utilizes libsasl, it may be possible for a local attacker to gain superuser privileges.

References

CVE Name CVE-2004-0884
URL https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c#rev1.104