Bug 134660 - CAN-2004-0884 privilege escalation
Summary: CAN-2004-0884 privilege escalation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: cyrus-sasl
Version: 2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-10-05 14:32 UTC by Josh Bressers
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version: 2.1.18-2.2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-10-08 19:35:41 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Josh Bressers 2004-10-05 14:32:02 UTC
Gentoo has reported this issue via vendor-sec on 2004-10-05

Libsasl honors the environment variable SASL_PATH blindly, allowing a
local user to compile a "library" locally that is executed with the
EID of SASL when anything calls libsasl.

Comment 1 Josh Bressers 2004-10-05 14:42:50 UTC
I've uploaded the upstream patch as attachment 104781 [details]

Comment 2 Mark J. Cox 2004-10-07 13:44:17 UTC
removing embargo

Comment 3 Tomasz Ostrowski 2004-10-11 10:58:40 UTC
Gentoo in the same advisory that corrected CAN-2004-0884
http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
mentioned also a buffer overflow:
"Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file."

Does this overflow affect FC? I can not find what it was.

Comment 4 Mark J. Cox 2004-10-11 11:03:32 UTC
Looks like it's fixed in 2.1.19:
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=6078



Note You need to log in before you can comment on or make changes to this bug.