Gentoo has reported this issue via vendor-sec on 2004-10-05 Libsasl honors the environment variable SASL_PATH blindly, allowing a local user to compile a "library" locally that is executed with the EID of SASL when anything calls libsasl.
Created attachment 104781 [details] Upstream patch
*** Bug 134658 has been marked as a duplicate of this bug. ***
This issue also affects RHEL2.1
This issue goes public on 2004-10-07
Removing embargo
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-546.html
It is a bit confusing what is really in CAN-2004-0884, as it is marked now ** RESERVED **, but Gentoo GLSA 200410-05 advisory, http://www.securityfocus.com/archive/1/377775/2004-10-04/2004-10-10/0 says also "Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file". See http://www.securityfocus.com/bid/11347 as well. Somehow I do no see in the recent code patches anything which would address that concern; or this is something new and not mentioned by CAN-2004-0884?
The digestmda5.c issue was separate to CAN-2004-0884 and did not affect any version of cryus-sasl with Red Hat Enterprise Linux (or Fedora Core).