Red Hat: cyrus-sasl security flaw fix
Summary
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.

At application startup, libsasl and libsasl2 attempt to build a list of all SASL plug-ins available on the system. To do so, the libraries search for and attempt to load every shared library found within the plug-in directory. This location can be set with the SASL_PATH environment variable.

In situations where an untrusted local user can affect the environment of a privileged process, this behavior could be exploited to run arbitrary code with the privileges of a setuid or setgid application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0884 to this issue.

Users of cyrus-sasl should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.
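The paragraph above describes the whole problem: a library that scans a directory named by an environment variable and dlopen()s every shared object in it, while running inside a setuid or setgid process whose environment came from a less privileged caller. The following is an added illustration of the general defence against that pattern; it is not code from cyrus-sasl, not the backported patch the advisory refers to, and the default directory and the function names are assumptions made for this example. The decision is kept in a pure function so the rule can be checked without an actual setuid binary.

```c
/* Added illustration, not code from cyrus-sasl or Red Hat: how a library
 * that loads plug-ins from a directory named by an environment variable
 * can decide whether that variable may be trusted. The default directory
 * and the helper names are assumptions made for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"  /* assumed compiled-in default */

/* A process whose real and effective ids differ is running setuid/setgid:
 * its environment was supplied by a less privileged caller and must be
 * treated as attacker-controlled. */
int privileges_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Pure decision: which directory should be scanned for plug-ins.
 * The environment override is honoured only for an unprivileged process
 * and only when it is an absolute path; anything else falls back to the
 * compiled-in directory so the environment cannot redirect the search. */
const char *choose_plugin_dir(const char *env_path, int elevated)
{
    if (elevated)
        return DEFAULT_PLUGIN_DIR;
    if (env_path == NULL || env_path[0] != '/')
        return DEFAULT_PLUGIN_DIR;
    return env_path;
}

/* Defence in depth: even the chosen directory should be root-owned and
 * not writable by group or others before every .so in it is dlopen()ed.
 * Returns 1 if the directory passes, 0 otherwise (including stat failure). */
int plugin_dir_is_trusted(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* Wrapper over the live process state, the way a library would call it. */
const char *plugin_dir_for_this_process(void)
{
    int elevated = privileges_elevated(getuid(), geteuid(), getgid(), getegid());
    return choose_plugin_dir(getenv("SASL_PATH"), elevated);
}

int main(void)
{
    const char *dir = plugin_dir_for_this_process();
    printf("plug-in directory: %s (%s)\n", dir,
           plugin_dir_is_trusted(dir) ? "trusted" : "NOT trusted, refuse to load");
    return 0;
}
```

The same rule is what the dynamic loader applies to LD_LIBRARY_PATH in setuid programs: an override that is harmless for a user's own process becomes a code-execution primitive once the process gains privileges, so the override is ignored rather than sanitised. The ownership and permission check is a separate layer: it protects against a correctly chosen directory that has nonetheless been left writable.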
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
134657 - CAN-2004-0884 privilege escalation
134979 - cyrus-sasl causes crashes with ldap
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm
i386:
0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm
846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm
9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm
ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm
67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm
ia64:
97497be93ad3074862be30b3eaf9fe46 cyrus-sasl-1.5.24-26.ia64.rpm
6c4362bc42c9c41f7eb07b61ee733320 cyrus-sasl-devel-1.5.24-26.ia64.rpm
bd3a433063c18f2384bc9249a58d8504 cyrus-sasl-gssapi-1.5.24-26.ia64.rpm
6d34fc4ff8ffda80308d02e82bcefc64 cyrus-sasl-md5-1.5.24-26.ia64.rpm
1eb867b4419336e95ffffec0a88fe01f cyrus-sasl-plain-1.5.24-26.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm
ia64:
97497be93ad3074862be30b3eaf9fe46 cyrus-sasl-1.5.24-26.ia64.rpm
6c4362bc42c9c41f7eb07b61ee733320 cyrus-sasl-devel-1.5.24-26.ia64.rpm
bd3a433063c18f2384bc9249a58d8504 cyrus-sasl-gssapi-1.5.24-26.ia64.rpm
6d34fc4ff8ffda80308d02e82bcefc64 cyrus-sasl-md5-1.5.24-26.ia64.rpm
1eb867b4419336e95ffffec0a88fe01f cyrus-sasl-plain-1.5.24-26.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm
i386:
0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm
846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm
9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm
ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm
67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm
i386:
0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm
846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm
9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm
ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm
67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
a9cde51259dec493061ea0e03bf04537 cyrus-sasl-2.1.15-10.src.rpm
i386:
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
55541276383fa24ed49fc40be3720263 cyrus-sasl-devel-2.1.15-10.i386.rpm
b4cb1b1d9f43c06371a85eac06de92ac cyrus-sasl-gssapi-2.1.15-10.i386.rpm
4c481245bb88965e5501f787f67fb863 cyrus-sasl-md5-2.1.15-10.i386.rpm
3567df72f78bec2755943a2be732dbbb cyrus-sasl-plain-2.1.15-10.i386.rpm
ia64:
aa10aabc5083f29c91fc21b9b5e34081 cyrus-sasl-2.1.15-10.ia64.rpm
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
25ff6248dc2c62835be4db608cfcd2b5 cyrus-sasl-devel-2.1.15-10.ia64.rpm
e22e44ff1ef945b6f13cab172380e53d cyrus-sasl-gssapi-2.1.15-10.ia64.rpm
90c8505c7c4e6e6657332c604b83a43c cyrus-sasl-md5-2.1.15-10.ia64.rpm
baa93f3bfb4dfae22b5a2971e9b83e35 cyrus-sasl-plain-2.1.15-10.ia64.rpm
ppc:
b2bddd0010bd1340b753617edcb90caa cyrus-sasl-2.1.15-10.ppc.rpm
b110c26ced4d8557524e53ccc26ed46d cyrus-sasl-devel-2.1.15-10.ppc.rpm
3bf9b253bbd5e280367b85fa99f99e8c cyrus-sasl-gssapi-2.1.15-10.ppc.rpm
879100afe15b6641808e979edeef445c cyrus-sasl-md5-2.1.15-10.ppc.rpm
8c8efc6cccb8cb3a09313133fbf912d6 cyrus-sasl-plain-2.1.15-10.ppc.rpm
ppc64:
edbd0ed195134adf55d2619ae86294ef cyrus-sasl-2.1.15-10.ppc64.rpm
s390:
51f034feb0c6ff15940fa9ee8825b313 cyrus-sasl-2.1.15-10.s390.rpm
21d68bbf2ec87862ea962bb425803dca cyrus-sasl-devel-2.1.15-10.s390.rpm
01ee5010919fe6810390042efe14fdb8 cyrus-sasl-gssapi-2.1.15-10.s390.rpm
b46dec0bfe0cd3d00b73d76e93c99ef0 cyrus-sasl-md5-2.1.15-10.s390.rpm
4d77001213929ab7dc7b0f29f8b864dc cyrus-sasl-plain-2.1.15-10.s390.rpm
s390x:
993b18d386a38b63013cf3036907a81d cyrus-sasl-2.1.15-10.s390x.rpm
51f034feb0c6ff15940fa9ee8825b313 cyrus-sasl-2.1.15-10.s390.rpm
8aafa73a49830c989bd0c41733ac4d16 cyrus-sasl-devel-2.1.15-10.s390x.rpm
9a758c6607181142de0754bad0472f6a cyrus-sasl-gssapi-2.1.15-10.s390x.rpm
53d9d697764a09700b9fd09fb0367fc8 cyrus-sasl-md5-2.1.15-10.s390x.rpm
7183d87047ab36d80499dd74d3944927 cyrus-sasl-plain-2.1.15-10.s390x.rpm
x86_64:
6719a7d1f5aab57f890983c7b067a77f cyrus-sasl-2.1.15-10.x86_64.rpm
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
e1ab3ddf06867ebee94eb8d30acc0bea cyrus-sasl-devel-2.1.15-10.x86_64.rpm
2176eb0408120e072a9ea434d970d656 cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm
a84b19147e50c5f3690356686d31f1bd cyrus-sasl-md5-2.1.15-10.x86_64.rpm
434fb1bc67c4f98a84a7fc641b71fe3f cyrus-sasl-plain-2.1.15-10.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
a9cde51259dec493061ea0e03bf04537 cyrus-sasl-2.1.15-10.src.rpm
i386:
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
55541276383fa24ed49fc40be3720263 cyrus-sasl-devel-2.1.15-10.i386.rpm
b4cb1b1d9f43c06371a85eac06de92ac cyrus-sasl-gssapi-2.1.15-10.i386.rpm
4c481245bb88965e5501f787f67fb863 cyrus-sasl-md5-2.1.15-10.i386.rpm
3567df72f78bec2755943a2be732dbbb cyrus-sasl-plain-2.1.15-10.i386.rpm
x86_64:
6719a7d1f5aab57f890983c7b067a77f cyrus-sasl-2.1.15-10.x86_64.rpm
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
e1ab3ddf06867ebee94eb8d30acc0bea cyrus-sasl-devel-2.1.15-10.x86_64.rpm
2176eb0408120e072a9ea434d970d656 cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm
a84b19147e50c5f3690356686d31f1bd cyrus-sasl-md5-2.1.15-10.x86_64.rpm
434fb1bc67c4f98a84a7fc641b71fe3f cyrus-sasl-plain-2.1.15-10.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
a9cde51259dec493061ea0e03bf04537 cyrus-sasl-2.1.15-10.src.rpm
i386:
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
55541276383fa24ed49fc40be3720263 cyrus-sasl-devel-2.1.15-10.i386.rpm
b4cb1b1d9f43c06371a85eac06de92ac cyrus-sasl-gssapi-2.1.15-10.i386.rpm
4c481245bb88965e5501f787f67fb863 cyrus-sasl-md5-2.1.15-10.i386.rpm
3567df72f78bec2755943a2be732dbbb cyrus-sasl-plain-2.1.15-10.i386.rpm
ia64:
aa10aabc5083f29c91fc21b9b5e34081 cyrus-sasl-2.1.15-10.ia64.rpm
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
25ff6248dc2c62835be4db608cfcd2b5 cyrus-sasl-devel-2.1.15-10.ia64.rpm
e22e44ff1ef945b6f13cab172380e53d cyrus-sasl-gssapi-2.1.15-10.ia64.rpm
90c8505c7c4e6e6657332c604b83a43c cyrus-sasl-md5-2.1.15-10.ia64.rpm
baa93f3bfb4dfae22b5a2971e9b83e35 cyrus-sasl-plain-2.1.15-10.ia64.rpm
x86_64:
6719a7d1f5aab57f890983c7b067a77f cyrus-sasl-2.1.15-10.x86_64.rpm
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
e1ab3ddf06867ebee94eb8d30acc0bea cyrus-sasl-devel-2.1.15-10.x86_64.rpm
2176eb0408120e072a9ea434d970d656 cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm
a84b19147e50c5f3690356686d31f1bd cyrus-sasl-md5-2.1.15-10.x86_64.rpm
434fb1bc67c4f98a84a7fc641b71fe3f cyrus-sasl-plain-2.1.15-10.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
a9cde51259dec493061ea0e03bf04537 cyrus-sasl-2.1.15-10.src.rpm
i386:
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
55541276383fa24ed49fc40be3720263 cyrus-sasl-devel-2.1.15-10.i386.rpm
b4cb1b1d9f43c06371a85eac06de92ac cyrus-sasl-gssapi-2.1.15-10.i386.rpm
4c481245bb88965e5501f787f67fb863 cyrus-sasl-md5-2.1.15-10.i386.rpm
3567df72f78bec2755943a2be732dbbb cyrus-sasl-plain-2.1.15-10.i386.rpm
ia64:
aa10aabc5083f29c91fc21b9b5e34081 cyrus-sasl-2.1.15-10.ia64.rpm
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
25ff6248dc2c62835be4db608cfcd2b5 cyrus-sasl-devel-2.1.15-10.ia64.rpm
e22e44ff1ef945b6f13cab172380e53d cyrus-sasl-gssapi-2.1.15-10.ia64.rpm
90c8505c7c4e6e6657332c604b83a43c cyrus-sasl-md5-2.1.15-10.ia64.rpm
baa93f3bfb4dfae22b5a2971e9b83e35 cyrus-sasl-plain-2.1.15-10.ia64.rpm
x86_64:
6719a7d1f5aab57f890983c7b067a77f cyrus-sasl-2.1.15-10.x86_64.rpm
4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm
e1ab3ddf06867ebee94eb8d30acc0bea cyrus-sasl-devel-2.1.15-10.x86_64.rpm
2176eb0408120e072a9ea434d970d656 cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm
a84b19147e50c5f3690356686d31f1bd cyrus-sasl-md5-2.1.15-10.x86_64.rpm
434fb1bc67c4f98a84a7fc641b71fe3f cyrus-sasl-plain-2.1.15-10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
Topic
Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available.

[Updated 7th October 2004]
Revised cyrus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previous packages broke interaction with ldap.
Relevant Releases Architectures
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64