Vulnerabilities

CVE-2004-0884

by Fred · 21/10/2004

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

Date published : 2004-10-21

http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

http://www.securityfocus.com/bid/11347

Related

Tags: Cybersecurity Alert