diff options
author | nectar <nectar@FreeBSD.org> | 2004-10-08 16:50:15 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2004-10-08 16:50:15 +0000 |
commit | 178d1c888a90bd18140e9ea572d5fe35bb9a76fc (patch) | |
tree | 2fe1d2d68eebd547f9ef684a8e14f0d4897190bd | |
parent | 20294d71a46908b18cf4342c92d5cb2d7b8099e4 (diff) | |
download | FreeBSD-ports-178d1c888a90bd18140e9ea572d5fe35bb9a76fc.zip FreeBSD-ports-178d1c888a90bd18140e9ea572d5fe35bb9a76fc.tar.gz |
Document unsafe use of environmental variable SASL_PATH in cyrus-sasl.
Approved by: portmgr
-rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ff7d643..52a9b60 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,37 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="92268205-1947-11d9-bc4a-000c41e2cdad"> + <topic>cyrus-sasl -- dynamic library loading and set-user-ID + applications</topic> + <affects> + <package> + <name>cyrus-sasl</name> + <range><le>1.5.28_3</le></range> + <range><ge>2.*</ge><le>2.1.19</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Cyrus SASL library, libsasl, contains functions which + may load dynamic libraries. These libraries may be loaded + from the path specified by the environmental variable + SASL_PATH, which in some situations may be fully controlled + by a local attacker. Thus, if a set-user-ID application + (such as chsh) utilizes libsasl, it may be possible for a + local attacker to gain superuser privileges.</p> + </body> + </description> + <references> + <cvename>CAN-2004-0884</cvename> + <url>https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c#rev1.104</url> + </references> + <dates> + <discovery>2004-09-22</discovery> + <entry>2004-10-08</entry> + </dates> + </vuln> + <vuln vid="efc4819b-0b2d-11d9-bfe1-000bdb1444a4"> <topic>imp3 -- XSS hole in the HTML viewer</topic> <affects> |