Red Hat Local Security Checks : RedHat Security Advisory RHSA-2004:546

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51149

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2004:546

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2004:546.

The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is
the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.

At application startup, libsasl and libsasl2 attempts to build a list
of all available SASL plug-ins which are available on the system. To do
so, the libraries search for and attempt to load every shared library found
within the plug-in directory. This location can be set with the SASL_PATH
environment variable.

In situations where an untrusted local user can affect the environment of a
privileged process, this behavior could be exploited to run arbitrary code
with the privileges of a setuid or setgid application. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0884 to this issue.

Users of cyrus-sasl should upgrade to these updated packages, which contain
backported patches and are not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-546.html

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: BugTraq ID: 11347
Common Vulnerability Exposure (CVE) ID: CVE-2004-0884
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
http://www.securityfocus.com/bid/11347
Bugtraq: 20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl) (Google Search)
http://marc.info/?l=bugtraq&m=110693126007214&w=2
Computer Incident Advisory Center Bulletin: P-003
http://www.ciac.org/ciac/bulletins/p-003.shtml
Debian Security Information: DSA-563 (Google Search)
http://www.debian.org/security/2004/dsa-563
Debian Security Information: DSA-568 (Google Search)
http://www.debian.org/security/2004/dsa-568
https://bugzilla.fedora.us/show_bug.cgi?id=2137
http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678
RedHat Security Advisories: RHSA-2004:546
http://rhn.redhat.com/errata/RHSA-2004-546.html
http://www.trustix.net/errata/2004/0053/
XForce ISS Database: cyrus-sasl-saslpath(17643)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17643

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51149
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:546
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:546. The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. At application startup, libsasl and libsasl2 attempts to build a list of all available SASL plug-ins which are available on the system. To do so, the libraries search for and attempt to load every shared library found within the plug-in directory. This location can be set with the SASL_PATH environment variable. In situations where an untrusted local user can affect the environment of a privileged process, this behavior could be exploited to run arbitrary code with the privileges of a setuid or setgid application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0884 to this issue. Users of cyrus-sasl should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-546.html Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	BugTraq ID: 11347 Common Vulnerability Exposure (CVE) ID: CVE-2004-0884 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://www.securityfocus.com/bid/11347 Bugtraq: 20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl) (Google Search) http://marc.info/?l=bugtraq&m=110693126007214&w=2 Computer Incident Advisory Center Bulletin: P-003 http://www.ciac.org/ciac/bulletins/p-003.shtml Debian Security Information: DSA-563 (Google Search) http://www.debian.org/security/2004/dsa-563 Debian Security Information: DSA-568 (Google Search) http://www.debian.org/security/2004/dsa-568 https://bugzilla.fedora.us/show_bug.cgi?id=2137 http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678 RedHat Security Advisories: RHSA-2004:546 http://rhn.redhat.com/errata/RHSA-2004-546.html http://www.trustix.net/errata/2004/0053/ XForce ISS Database: cyrus-sasl-saslpath(17643) https://exchange.xforce.ibmcloud.com/vulnerabilities/17643
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com