Re: [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution

To: debian-security@lists.debian.org
Subject: Re: [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution
From: Philip Ross <psr@warwickcompsoc.co.uk>
Date: Tue, 12 Oct 2004 15:24:42 +0100
Message-id: <[🔎] ckgpfa$3fd$1@sea.gmane.org>
In-reply-to: <m1CHM94-000ommC@finlandia.Infodrom.North.DE>
References: <m1CHM94-000ommC@finlandia.Infodrom.North.DE>

Martin Schulze wrote:

- --------------------------------------------------------------------------
Debian Security Advisory DSA 563-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 12th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cyrus-sasl
Vulnerability  : unsanitised input
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0884
Debian Bug     : 275498

A vulnerability has been discovered in the Cyrus implementation of the
SASL library, the Simple Authentication and Security Layer, a method
for adding authentication support to connection-based protocols.  The
library honors the environment variable SASL_PATH blindly, which
allows a local user to link against a malicious library to run
arbitrary code with the privileges of a setuid or setgid application.

For the stable distribution (woody) this problem has been fixed in
version 1.5.27-3woody2.

This update for woody has broken ldapsearch form ldap-utils. ldapsearchnow segfaults at startup.


# gdb ldapsearch
GNU gdb 2002-04-01-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are

welcome to change it and/or distribute copies of it under certainconditions.

Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...(no debugging symbols found)...
(gdb) run
Starting program: /usr/bin/ldapsearch

(no debugging symbols found)...(no debugging symbols found)...(nodebugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(nodebugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(nodebugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(nodebugging symbols found)...

Program received signal SIGSEGV, Segmentation fault.
0x4004ce05 in sasl_errstring () from /usr/lib/libsasl.so.7

Phil

Reply to:

Follow-Ups:
- Re: [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution
  - From: Andreas Barth <aba@not.so.argh.org>

Prev by Date: Re: [SECURITY] [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution
Next by Date: Re: [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution
Previous by thread: Re: [SECURITY] [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution
Next by thread: Re: [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution
Index(es):
- Date
- Thread