CVE-2004-0884

EPSS 0.06%

cyrus-sasl-mit - unsanitised input

Published: 1/27/2005Modified: 4/28/2026

Also known as:DEBIAN-CVE-2004-0884

Description

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

Affected packages (3)

Debian/cyrus-saslfrom 0, < 1.5.27-3.1woody5
Debian/cyrus-sasl2from 0, < 2.1.19-1.3
Debian/cyrus-sasl-mitfrom 0, < 1.5.24-15woody3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2004-0884