CVE-2004-0884

2005-01-27T00:00:00
ID CVE-2004-0884
Type cve
Reporter NVD
Modified 2017-10-10T21:29:36

Description

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.