SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   Cyrus SASL Vendors:   Carnegie Mellon University
Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution
SecurityTracker Alert ID:  1011568
SecurityTracker URL:  http://securitytracker.com/id/1011568
CVE Reference:   CAN-2004-0884, CAN-2005-0373   (Links to External Site)
Updated:  Feb 23 2005
Original Entry Date:  Oct 7 2004
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.1.19 and prior versions
Description:   Two vulnerabilities were reported in Cyrus SASL. A local user may be able to gain elevated privileges on the target system. A remote user may be able to execute arbitrary code on the target system.

The vendor reported that a local user may be able to modify the SASL_PATH environment variable to cause a privileged application to load alternate library files from an arbitrary user-specified directory, resulting in the execution of arbitrary code [CVE: CAN-2004-0884].

Gentoo reported that there is also a buffer overflow in 'digestmda5.c' [CVE: CAN-2005-0373]. A remote user may be able to execute arbitrary code on the target system.
Impact:   A local user may be able to gain elevated privileges on the target system.

A remote user may be able to execute arbitrary code on the target system.
Solution:   A patch for the environment variable flaw is available at:

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c.diff?r1=1.103&r2=1.104

A fix for the buffer overflow is included in version 2.1.19, available at:

http://asg.web.cmu.edu/sasl/sasl-library.html
Vendor URL:  asg.web.cmu.edu/sasl/ (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 7 2004 (Red Hat Issues Fix for RHEL) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Oct 7 2004 (Gentoo Issues Fix) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution   (Kurt Lieber <klieber@gentoo.org>)
Gentoo has released a fix.
Oct 10 2004 (Mandrake Issues Fix) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has issued a fix.
Oct 12 2004 (Debian Issues Fix) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
Oct 13 2004 (Debian Issues Fix) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution   (joey@infodrom.org (Martin Schulze))
Debian has released a revised fix.
Oct 14 2004 (Debian Issues Additional Fixes) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution   (joey@infodrom.org (Martin Schulze))
Debian has released an additional fix.
Oct 15 2004 (Red Hat Issues Fix for RHEL) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1
Oct 16 2004 (Fedora Issues Fix for FC2) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution   (Nalin Dahyabhai <nalin@redhat.com>)
Fedora has released a fix for Fedora Core 2.
Oct 16 2004 (Debian Issues Fix for MIT Version) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution   (joey@infodrom.org (Martin Schulze))
Debian has released a fix for the MIT version of Cyrus SASL.
Nov 11 2004 (Conectiva Issues Fix) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.
Mar 22 2005 (Apple Issues Fix for OS X) Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution
Apple has issued a fix for Mac OS X.


 Source Message Contents
Date:  Thu, 7 Oct 2004 13:35:30 -0400
Subject:  [none]


Two vulnerabilities were reported in Cyrus SASL.

A local user may be able to modify the SASL_PATH environment variable to cause a 
privileged application to load alternate library files from an arbitrary user-specified
directory, resulting in the execution of arbitrary code [CVE: CAN-2004-0884].

A patch is available at:

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c.diff?r1=1.103&r2=1.104

Gentoo reported that there is also a buffer overflow in 'digestmda5.c'.  A remote user
may be able to execute arbitrary code on the target system.  A fix for this overflow
is available in 2.1.19.

Vendor URL: http://asg.web.cmu.edu/sasl/


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC