cyrus-sasl -- dynamic library loading and set-user-ID applications

2004-09-22T00:00:00
ID 92268205-1947-11D9-BC4A-000C41E2CDAD
Type freebsd
Reporter FreeBSD
Modified 2004-09-22T00:00:00

Description

The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASL_PATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application (such as chsh) utilizes libsasl, it may be possible for a local attacker to gain superuser privileges.