Paketname
cyrus-sasl
Datum
2004-10-07
Advisory ID
MDKSA-2004:106
Betroffene Versionen
9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , CS2.1 i586 , 10.0 i586 , 9.2 i586

Problembeschreibung

A vulnerability was discovered in the libsasl library of cyrus-sasl. libsasl honors the SASL_PATH environment variable blindly, which could allow a local user to create a malicious "library" that would get executed with the effective ID of SASL when anything calls libsasl. The provided packages are patched to protect against this vulnerability.

Aktualisierte Pakete

9.2 amd64

 e932be9d60a9990f28f0cc9514c33123  amd64/9.2/RPMS/cyrus-sasl-2.1.15-4.1.92mdk.amd64.rpm
1dda4f42fee8f8480f8a6274c533f929  amd64/9.2/RPMS/lib64sasl2-2.1.15-4.1.92mdk.amd64.rpm
e4cd66b10b8940507ed766e3bae72b38  amd64/9.2/RPMS/lib64sasl2-devel-2.1.15-4.1.92mdk.amd64.rpm
8c4426cf876b988cf8883db132497ae8  amd64/9.2/RPMS/lib64sasl2-plug-anonymous-2.1.15-4.1.92mdk.amd64.rpm
02f3fc6d31ebb7c000d7060c99e63884  amd64/9.2/RPMS/lib64sasl2-plug-crammd5-2.1.15-4.1.92mdk.amd64.rpm
a7b4c37fb6ee6bc53e315dede91e2696  amd64/9.2/RPMS/lib64sasl2-plug-digestmd5-2.1.15-4.1.92mdk.amd64.rpm
e3f1b44b40e8ad0511c814ef6d703835  amd64/9.2/RPMS/lib64sasl2-plug-gssapi-2.1.15-4.1.92mdk.amd64.rpm
f2cd6a80bdb93a4b345ac60cc9975e72  amd64/9.2/RPMS/lib64sasl2-plug-login-2.1.15-4.1.92mdk.amd64.rpm
54b04103e38be7f9ac7982044d72dd83  amd64/9.2/RPMS/lib64sasl2-plug-ntlm-2.1.15-4.1.92mdk.amd64.rpm
87d5b714dae7284efb6024ed92b83aa8  amd64/9.2/RPMS/lib64sasl2-plug-otp-2.1.15-4.1.92mdk.amd64.rpm
eb37724460418bbe7c3f24f915c97e1d  amd64/9.2/RPMS/lib64sasl2-plug-plain-2.1.15-4.1.92mdk.amd64.rpm
82470db324565a79a16401512fd01281  amd64/9.2/RPMS/lib64sasl2-plug-sasldb-2.1.15-4.1.92mdk.amd64.rpm
d2ea27f377fa52e5d651b354ebf20657  amd64/9.2/RPMS/lib64sasl2-plug-srp-2.1.15-4.1.92mdk.amd64.rpm
cc2e67e7a7df460932c8c97bbf9d79b6  amd64/9.2/SRPMS/cyrus-sasl-2.1.15-4.1.92mdk.src.rpm

CS2.1 x86_64

 d00de6225fcc2afb91ea13017738de9a  x86_64/corporate/2.1/RPMS/cyrus-sasl-1.5.27-5.1.C21mdk.x86_64.rpm
49bd78a963695b794cc5f0a7d8285447  x86_64/corporate/2.1/RPMS/libsasl7-1.5.27-5.1.C21mdk.x86_64.rpm
44c9864023686e7f4f492a4ac2e0fe53  x86_64/corporate/2.1/RPMS/libsasl7-devel-1.5.27-5.1.C21mdk.x86_64.rpm
7d90d8f1ce6e5874996c048676a73ecd  x86_64/corporate/2.1/RPMS/libsasl7-plug-anonymous-1.5.27-5.1.C21mdk.x86_64.rpm
f8dc759136397b2444baa4f4233c07ae  x86_64/corporate/2.1/RPMS/libsasl7-plug-crammd5-1.5.27-5.1.C21mdk.x86_64.rpm
9d91a8842db34d9e4486736007e459c4  x86_64/corporate/2.1/RPMS/libsasl7-plug-digestmd5-1.5.27-5.1.C21mdk.x86_64.rpm
4e82d378ad868a4f24de02d31de580f6  x86_64/corporate/2.1/RPMS/libsasl7-plug-login-1.5.27-5.1.C21mdk.x86_64.rpm
7cef5720f54436d7b1af6d6c817a3a72  x86_64/corporate/2.1/RPMS/libsasl7-plug-plain-1.5.27-5.1.C21mdk.x86_64.rpm
a3ea8b441b6454eda5dbf4e9f7a0e126  x86_64/corporate/2.1/SRPMS/cyrus-sasl-1.5.27-5.1.C21mdk.src.rpm

10.0 amd64

 74fff1da23dab6e2ea936663bde4754f  amd64/10.0/RPMS/cyrus-sasl-2.1.15-10.1.100mdk.amd64.rpm
4ae7d79a0035264b4991844061155b22  amd64/10.0/RPMS/lib64sasl2-2.1.15-10.1.100mdk.amd64.rpm
ec042bcd47406ce77ca6270baaa3e30d  amd64/10.0/RPMS/lib64sasl2-devel-2.1.15-10.1.100mdk.amd64.rpm
90bf0467dd3a84ad4bda4191e7beeda6  amd64/10.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.1.100mdk.amd64.rpm
0b592508b84e2b59c6d92b67bc9acc7d  amd64/10.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.1.100mdk.amd64.rpm
6c165b6f5a153268c090bf48867e1c16  amd64/10.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.1.100mdk.amd64.rpm
80cc5dc58b8096708f136b26707a9979  amd64/10.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.1.100mdk.amd64.rpm
e31d97544c17cf3627c96ba30bab4566  amd64/10.0/RPMS/lib64sasl2-plug-login-2.1.15-10.1.100mdk.amd64.rpm
c2cf0e4bf0a16bfa0f12804a38d72086  amd64/10.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.1.100mdk.amd64.rpm
adc938ecf528ec25ce15a42eaa0b42cc  amd64/10.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.1.100mdk.amd64.rpm
c1ea1fbea28db51ab5dc79ccd515c3ac  amd64/10.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.1.100mdk.amd64.rpm
cafbef0aa82c2a38cfcac103931536fe  amd64/10.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.1.100mdk.amd64.rpm
21cc68617893b2d63b3b0afc466c09b9  amd64/10.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.1.100mdk.amd64.rpm
efdc07d417c7ebba707bc7bd5b13f829  amd64/10.0/SRPMS/cyrus-sasl-2.1.15-10.1.100mdk.src.rpm

CS2.1 i586

 66cb444f56bb4217df77428198527b7f  corporate/2.1/RPMS/cyrus-sasl-1.5.27-5.1.C21mdk.i586.rpm
ad6d0411ebddc8f0c760297cfd20c282  corporate/2.1/RPMS/libsasl7-1.5.27-5.1.C21mdk.i586.rpm
20a039725daa6aa3a8e4140922b1a123  corporate/2.1/RPMS/libsasl7-devel-1.5.27-5.1.C21mdk.i586.rpm
9a16c82b1de4fbaccc370e26764620ec  corporate/2.1/RPMS/libsasl7-plug-anonymous-1.5.27-5.1.C21mdk.i586.rpm
798328f930b8262188e745fcfbd7cb43  corporate/2.1/RPMS/libsasl7-plug-crammd5-1.5.27-5.1.C21mdk.i586.rpm
227b3b14966c940870415ed8e1590dc8  corporate/2.1/RPMS/libsasl7-plug-digestmd5-1.5.27-5.1.C21mdk.i586.rpm
c17b0582d7bfcc49feaf98a9650458fc  corporate/2.1/RPMS/libsasl7-plug-login-1.5.27-5.1.C21mdk.i586.rpm
455d4ae2174dad7622337bf2531e012f  corporate/2.1/RPMS/libsasl7-plug-plain-1.5.27-5.1.C21mdk.i586.rpm
a3ea8b441b6454eda5dbf4e9f7a0e126  corporate/2.1/SRPMS/cyrus-sasl-1.5.27-5.1.C21mdk.src.rpm

10.0 i586

 5e5d9e126e0bf03a9c7dc7def1213c4e  10.0/RPMS/cyrus-sasl-2.1.15-10.1.100mdk.i586.rpm
8562e1d0be93b26ea84d0b025644cea1  10.0/RPMS/libsasl2-2.1.15-10.1.100mdk.i586.rpm
533a72fdd6edc830d9217dd984da3aac  10.0/RPMS/libsasl2-devel-2.1.15-10.1.100mdk.i586.rpm
d736f6e8f20741c34e95637d43486471  10.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.1.100mdk.i586.rpm
b62cd043af5fa4dac25c3789b66849c5  10.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.1.100mdk.i586.rpm
e588f90d705706d284a6688dd4b9b136  10.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.1.100mdk.i586.rpm
1f6c4d7f481b6ff91b8d614648e98be5  10.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.1.100mdk.i586.rpm
286f311f343c2f21df4c9fbfd6809d79  10.0/RPMS/libsasl2-plug-login-2.1.15-10.1.100mdk.i586.rpm
eaea38b6454677074aff221769a06ee1  10.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.1.100mdk.i586.rpm
7e48e4c3631c7017a6eb492d09b2a10f  10.0/RPMS/libsasl2-plug-otp-2.1.15-10.1.100mdk.i586.rpm
da6cc786bda3e4e297c753708fa25d45  10.0/RPMS/libsasl2-plug-plain-2.1.15-10.1.100mdk.i586.rpm
555eab832bf1b6e6a230a896542475c1  10.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.1.100mdk.i586.rpm
0c2992258fcea6a83a1a421f2e8bcb57  10.0/RPMS/libsasl2-plug-srp-2.1.15-10.1.100mdk.i586.rpm
efdc07d417c7ebba707bc7bd5b13f829  10.0/SRPMS/cyrus-sasl-2.1.15-10.1.100mdk.src.rpm

9.2 i586

 61fd385bb6c9a096d9799df48d1ee82f  9.2/RPMS/cyrus-sasl-2.1.15-4.1.92mdk.i586.rpm
3c3514ca12a7fdd2e570aa591f455e13  9.2/RPMS/libsasl2-2.1.15-4.1.92mdk.i586.rpm
6ba003f5d656d14144dc8d49083db212  9.2/RPMS/libsasl2-devel-2.1.15-4.1.92mdk.i586.rpm
f86b5496c34adc514066f37b05128cf9  9.2/RPMS/libsasl2-plug-anonymous-2.1.15-4.1.92mdk.i586.rpm
7ac83050851d59918b27ebd32f060245  9.2/RPMS/libsasl2-plug-crammd5-2.1.15-4.1.92mdk.i586.rpm
f74524d4fa09ce1c57b64b3fa8d78c28  9.2/RPMS/libsasl2-plug-digestmd5-2.1.15-4.1.92mdk.i586.rpm
66bd5dce305693ff83fac906d8856371  9.2/RPMS/libsasl2-plug-gssapi-2.1.15-4.1.92mdk.i586.rpm
32aa5d36b1f3305c68cf94f98031003f  9.2/RPMS/libsasl2-plug-login-2.1.15-4.1.92mdk.i586.rpm
6c4014739c88a866c4fbee477c619724  9.2/RPMS/libsasl2-plug-ntlm-2.1.15-4.1.92mdk.i586.rpm
fcf63deaecb78df0821c100ba2916514  9.2/RPMS/libsasl2-plug-otp-2.1.15-4.1.92mdk.i586.rpm
27d0589f02db89408ae4598f5cf36051  9.2/RPMS/libsasl2-plug-plain-2.1.15-4.1.92mdk.i586.rpm
6f3ba42ebce674dc797a042dd6377b64  9.2/RPMS/libsasl2-plug-sasldb-2.1.15-4.1.92mdk.i586.rpm
bd6a6af7f73fa380ed7b7712acced412  9.2/RPMS/libsasl2-plug-srp-2.1.15-4.1.92mdk.i586.rpm
cc2e67e7a7df460932c8c97bbf9d79b6  9.2/SRPMS/cyrus-sasl-2.1.15-4.1.92mdk.src.rpm

Referenzen