cyrus-sasl -- dynamic library loading and set-user-ID applications
The Cyrus SASL library, libsasl, contains functions which
may load dynamic libraries. These libraries may be loaded
from the path specified by the environment variable
SASL_PATH, which in some situations may be fully controlled
by a local attacker. Thus, if a set-user-ID application
(such as chsh) utilizes libsasl, it may be possible for a
local attacker to gain superuser privileges.
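
The condition described above, as an added example (not code from Cyrus SASL or from this advisory): a plugin-path lookup that trusts SASL_PATH unconditionally, next to a hardened form that ignores it when the real and effective IDs differ. The function names and the default directory are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed compiled-in plugin directory (constructed value for this example). */
static const char default_plugin_dir[] = "/usr/lib/sasl2";

/* Nonzero when the process runs set-user-ID or set-group-ID, i.e. the
 * caller's environment comes from a less privileged user. */
int running_with_elevated_ids(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Weak form: any non-empty SASL_PATH decides where plugins are loaded from,
 * even when the process holds privileges the caller does not have. */
const char *plugin_path_unsafe(const char *env_value)
{
    return (env_value && *env_value) ? env_value : default_plugin_dir;
}

/* Hardened form: the environment is consulted only when the process is not
 * running with elevated IDs; otherwise the compiled-in directory is used. */
const char *plugin_path_hardened(const char *env_value, int elevated)
{
    if (elevated)
        return default_plugin_dir;
    return (env_value && *env_value) ? env_value : default_plugin_dir;
}

/* Wiring for a real process. Comparing IDs misses a program that already
 * called setuid(geteuid()); issetugid() on the BSDs and secure_getenv() on
 * glibc track that case and are preferable where available. */
const char *resolve_plugin_path(void)
{
    int elevated = running_with_elevated_ids(getuid(), geteuid(),
                                             getgid(), getegid());
    return plugin_path_hardened(getenv("SASL_PATH"), elevated);
}

int main(void)
{
    printf("plugin directory: %s\n", resolve_plugin_path());
    return 0;
}
```
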
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright