The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
Max CVSS
7.2
EPSS Score
0.05%
Published
2005-01-27
Updated
2017-10-11
1 vulnerabilities found