CVE-2004-0884

Publication date 27 January 2005

Last updated 24 July 2024

Ubuntu priority

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cyrus-sasl2	7.04 feisty	Fixed 2.1.19.dfsg1-0.1ubuntu2
	6.10 edgy	Fixed 2.1.19.dfsg1-0.1ubuntu2
	6.06 LTS dapper	Fixed 2.1.19.dfsg1-0.1ubuntu2
cyrus-sasl2-heimdal	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
cyrus-sasl2-mit	7.04 feisty	Fixed 2.1.19-2
	6.10 edgy	Fixed 2.1.19-2
	6.06 LTS dapper	Fixed 2.1.19-2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2004-0884