PT-2004-1007 · Cyrus · Cyrus-Sasl

Josh Bressers · Published 2004-10-21 · Updated 2017-10-11 · CVE-2004-0884

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cyrus-SASL versions 2.1.18 and earlier

Description

The issue allows local users to execute arbitrary code by modifying the SASL_PATH environment variable to point to malicious programs, potentially compromising the confidentiality, integrity, and availability of protected information. This is because the libsasl and libsasl2 libraries trust the SASL_PATH environment variable to find all available SASL plug-ins.

Recommendations

For Cyrus-SASL versions 2.1.18 and earlier, consider restricting access to the SASL_PATH environment variable to prevent modification by local users until a patch is available. As a temporary workaround, avoid using the SASL_PATH variable in sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related identifiers

BDU:2015-01744
CVE-2004-0884
DSA-563-3
DSA-568-1
RHSA-2004:546

Affected products

Cyrus-Sasl