|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA12760] Cyrus SASL Library Buffer Overflow and "SASL_PATH" Privilege Escalation
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Oct 08 2004 - 05:06:24 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Cyrus SASL Library Buffer Overflow and "SASL_PATH" Privilege
Escalation
SECUNIA ADVISORY ID:
SA12760
VERIFY ADVISORY:
http://secunia.com/advisories/12760/
CRITICAL:
Highly critical
IMPACT:
Privilege escalation, System access
WHERE:
From remote
SOFTWARE:
Cyrus SASL Library 2.x
http://secunia.com/product/4019/
Cyrus SASL Library 1.x
http://secunia.com/product/4020/
DESCRIPTION:
Two vulnerabilities have been reported in Cyrus SASL library, which
can be exploited by malicious people to compromise a vulnerable
system and by malicious, local users to gain escalated privileges.
1) A boundary error in "digestmda5.c" can be exploited to cause a
buffer overflow and may allow execution of arbitrary code with the
privileges of the application using the Cyrus SASL library.
2) An input validation error, where the Cyrus SASL library insecurely
loads plugins using the SASL_PATH environment variable, can be
exploited to load an arbitrary plugin with the privileges of the
application linked to the Cyrus SASL library.
SOLUTION:
1) Update to version 2.1.19.
http://asg.web.cmu.edu/cyrus/download/
2) A fix is available in the CVS repository.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]