Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Fedora Local Security Checks --> Category: infos

Fedora Core 2 2004-332: cyrus-sasl Vulnerability Scan


Vulnerability Scan Summary
Check for the version of the cyrus-sasl package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory FEDORA-2004-332 (cyrus-sasl).

The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.

Update Information:

At application startup, libsasl and libsasl2 attempt to build a list
of all SASL plug-ins which are available on the system. To do so,
the libraries search for and attempt to load every shared library
found within the plug-in directory. This location can be set with
the SASL_PATH environment variable.

In situations where an untrusted local user can affect the
environment of a privileged process, this behavior could be exploited
to run arbitrary code with the rights of a setuid or setgid
application. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0884 to this issue.

Users of cyrus-sasl should upgrade to these updated packages, which
contain backported patches and are not vulnerable to this issue.



Solution : http://www.fedoranews.org/updates/FEDORA-2004-332.shtml
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.