---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated cyrus-sasl packages fix security flaw
Advisory ID:       RHSA-2004:546-02
Issue date:        2004-10-07
Updated on:        2004-10-07
Product:           Red Hat Enterprise Linux
Keywords:          environment
CVE Names:         CAN-2004-0884
---------------------------------------------------------------------

1. Summary:

Updated cyrus-sasl packages that fix a setuid and setgid application
vulnerability are now available.

[Updated 7th October 2004]
Revised cyrus-sasl packages have been added for Red Hat Enterprise Linux 3;
the patch in the previous packages broke interaction with ldap.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The cyrus-sasl package contains the Cyrus implementation of SASL.  SASL is
the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.

At application startup, libsasl and libsasl2 attempt to build a list
of all SASL plug-ins available on the system.  To do so, the libraries
search for and attempt to load every shared library found within the
plug-in directory.  This location can be set with the SASL_PATH
environment variable.

In situations where an untrusted local user can affect the environment of a
privileged process, this behavior could be exploited to run arbitrary code
with the privileges of a setuid or setgid application.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0884 to this issue.

Users of cyrus-sasl should upgrade to these updated packages, which contain
backported patches and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed  (http://bugzilla.redhat.com/ for more info):

134657 - CAN-2004-0884 privilege escalation
134979 - cyrus-sasl causes crashes with ldap

6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
 

7. References:

  
CVE-2004-0884

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at  

Copyright 2004 Red Hat, Inc.
