- Issued:
- 2004-10-07
- Updated:
- 2004-10-07
RHSA-2004:546 - Security Advisory
Synopsis
cyrus-sasl security update
Type/Severity
Security Advisory: Important
Topic
Updated cyrus-sasl packages that fix a setuid and setgid application
vulnerability are now available.
[Updated 7th October 2004]
Revised cryus-sasl packages have been added for Red Hat Enterprise Linux 3;
the patch in the previous packages broke interaction with ldap.
Description
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is
the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.
At application startup, libsasl and libsasl2 attempts to build a list
of all available SASL plug-ins which are available on the system. To do
so, the libraries search for and attempt to load every shared library found
within the plug-in directory. This location can be set with the SASL_PATH
environment variable.
In situations where an untrusted local user can affect the environment of a
privileged process, this behavior could be exploited to run arbitrary code
with the privileges of a setuid or setgid application. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0884 to this issue.
Users of cyrus-sasl should upgrade to these updated packages, which contain
backported patches and are not vulnerable to this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 134657 - CAN-2004-0884 privilege escalation
- BZ - 134979 - cyrus-sasl causes crashes with ldap
CVEs
References
This erratum does not contain any packages.
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.