Family: Fedora Local Security Checks --> Category: infos
Fedora Core 2 2004-332: cyrus-sasl Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the cyrus-sasl package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2004-332 (cyrus-sasl).
The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.
At application startup, libsasl and libsasl2 attempt to build a list
of all SASL plug-ins which are available on the system. To do so,
the libraries search for and attempt to load every shared library
found within the plug-in directory. This location can be set with
the SASL_PATH environment variable.
In situations where an untrusted local user can affect the
environment of a privileged process, this behavior could be exploited
to run arbitrary code with the rights of a setuid or setgid
application. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0884 to this issue.
Users of cyrus-sasl should upgrade to these updated packages, which
contain backported patches and are not vulnerable to this issue.
Solution : http://www.fedoranews.org/updates/FEDORA-2004-332.shtml
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.