CVE-2004-0884
EPSS 0.06%cyrus-sasl-mit - unsanitised input
發布日:2005/1/27修改日:2026/4/28
也稱為:DEBIAN-CVE-2004-0884
描述
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
受影響套件(3)
- Debian/cyrus-saslfrom 0, < 1.5.27-3.1woody5
- Debian/cyrus-sasl2from 0, < 2.1.19-1.3
- Debian/cyrus-sasl-mitfrom 0, < 1.5.24-15woody3