
UNIRAS Briefing - 554/2004 - Red Hat Security Advisory - RHSA-2004:546-02 - Updated cyrus-sasl packages fix security flaw



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                                  UNIRAS (UK Gov CERT)
                                Advisory Type: Briefing

Id: 20041008-00755               Ref: 554/2004             Date: 08 October 2004   Time: 16:04
- ------------------------------------------------------------------------------------------
Title: Red Hat Security Advisory - RHSA-2004:546-02 - Updated cyrus-sasl packages fix security flaw
Abstract: 
Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available
Comment: Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available.
- ------------------------------------------------------------------------------------------
 

Title
=====

Red Hat Security Advisory - RHSA-2004:546-02 - Updated cyrus-sasl packages fix security flaw

Detail
====== 

Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available.


                     ESB-2004.0630 -- RHSA-2004:546-02
               Updated cyrus-sasl packages fix security flaw
                              8 October 2004


Product:                cyrus-sasl
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
                        Red Hat Enterprise Linux AS/ES/WS 2.1
                        Red Hat Linux Advanced Workstation 2.1
                        Linux variants
                        UNIX variants
Impact:                 Execute Arbitrary Code/Commands
                        Increased Privileges
Access:                 Existing Account
CVE Names:              CAN-2004-0884

- - - --------------------------BEGIN INCLUDED TEXT--------------------

- - - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated cyrus-sasl packages fix security flaw
Advisory ID:       RHSA-2004:546-02
Issue date:        2004-10-07
Updated on:        2004-10-07
Product:           Red Hat Enterprise Linux
Keywords:          environment
CVE Names:         CAN-2004-0884
- - - - ---------------------------------------------------------------------

1. Summary:

Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available.

[Updated 7th October 2004]
Revised cyrus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previous packages broke interaction with ldap.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The cyrus-sasl package contains the Cyrus implementation of SASL.  SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.

At application startup, libsasl and libsasl2 attempt to build a list of all SASL plug-ins available on the system.  To do so, the libraries search for and attempt to load every shared library found within the plug-in directory.  This location can be set with the SASL_PATH environment variable.

In situations where an untrusted local user can affect the environment of a privileged process, this behavior could be exploited to run arbitrary code with the privileges of a setuid or setgid application.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0884 to this issue.

Users of cyrus-sasl should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.
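The following C program is an added illustration of the mitigation the problem description implies; it is not Cyrus SASL's code and not Red Hat's backported patch. It isolates the decision "which plug-in directory do I search?" into a pure function that takes the SASL_PATH value together with the process's real and effective ids, so the policy can be exercised without building a setuid binary. The default directory /usr/lib/sasl2 and the function names are assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Assumed default plug-in directory; illustration only, not a value from the advisory. */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* Returns 1 when the process holds privileges its invoker does not, i.e. it is
 * running setuid or setgid.  In that state every environment variable is
 * attacker-influenced input and must not steer where shared objects are loaded from. */
int privileges_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Pure policy function (added example): decide the directory to scan for plug-ins.
 * env_path is the raw SASL_PATH value (NULL when unset).  The environment is
 * honoured only for an unprivileged process; otherwise the compiled-in default wins. */
const char *choose_plugin_path(const char *env_path,
                               uid_t ruid, uid_t euid,
                               gid_t rgid, gid_t egid)
{
    if (privileges_elevated(ruid, euid, rgid, egid))
        return DEFAULT_PLUGIN_DIR;      /* ignore the environment entirely */
    if (env_path == NULL || env_path[0] == '\0')
        return DEFAULT_PLUGIN_DIR;      /* unset or empty: fall back to default */
    return env_path;
}

/* Convenience wrapper over the live process: reads SASL_PATH and the real ids. */
const char *plugin_path_for_this_process(void)
{
    return choose_plugin_path(getenv("SASL_PATH"),
                              getuid(), geteuid(), getgid(), getegid());
}

int main(void)
{
    /* Run as an ordinary user with SASL_PATH set, the override is honoured;
     * from a setuid/setgid binary it is silently ignored. */
    printf("plug-in directory: %s\n", plugin_path_for_this_process());
    return 0;
}
```

One caveat for anyone applying this pattern in their own code: comparing real and effective ids is the portable check, but it is not the strongest one. A process that started setuid and has already called setuid() to drop to the invoker's id passes the comparison while still being a program the invoker should not be able to redirect, and a binary carrying file capabilities has equal ids throughout. On glibc, secure_getenv() consults the kernel's AT_SECURE flag and returns NULL for any such process, which is the better primitive where it is available.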

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.  Use Red Hat Network to download and update your packages.  To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

134657 - CAN-2004-0884 privilege escalation
134979 - cyrus-sasl causes crashes with ldap

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm
adf38e226dfa211bb2e7e83c5c5418b9  cyrus-sasl-1.5.24-26.src.rpm

i386:
0ecb1995b05aebf41e8c609b367e902f  cyrus-sasl-1.5.24-26.i386.rpm
846a21bc2e1a84f37f9f43f973ebda44  cyrus-sasl-devel-1.5.24-26.i386.rpm
9d29af70b1dd3a98f8eba31fa796d338  cyrus-sasl-gssapi-1.5.24-26.i386.rpm
ddaf1332b6bdad447e1550fccab267eb  cyrus-sasl-md5-1.5.24-26.i386.rpm
67c7f02257346ccbc236a02bbac49925  cyrus-sasl-plain-1.5.24-26.i386.rpm

ia64:
97497be93ad3074862be30b3eaf9fe46  cyrus-sasl-1.5.24-26.ia64.rpm
6c4362bc42c9c41f7eb07b61ee733320  cyrus-sasl-devel-1.5.24-26.ia64.rpm
bd3a433063c18f2384bc9249a58d8504  cyrus-sasl-gssapi-1.5.24-26.ia64.rpm
6d34fc4ff8ffda80308d02e82bcefc64  cyrus-sasl-md5-1.5.24-26.ia64.rpm
1eb867b4419336e95ffffec0a88fe01f  cyrus-sasl-plain-1.5.24-26.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm
adf38e226dfa211bb2e7e83c5c5418b9  cyrus-sasl-1.5.24-26.src.rpm

ia64:
97497be93ad3074862be30b3eaf9fe46  cyrus-sasl-1.5.24-26.ia64.rpm
6c4362bc42c9c41f7eb07b61ee733320  cyrus-sasl-devel-1.5.24-26.ia64.rpm
bd3a433063c18f2384bc9249a58d8504  cyrus-sasl-gssapi-1.5.24-26.ia64.rpm
6d34fc4ff8ffda80308d02e82bcefc64  cyrus-sasl-md5-1.5.24-26.ia64.rpm
1eb867b4419336e95ffffec0a88fe01f  cyrus-sasl-plain-1.5.24-26.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm
adf38e226dfa211bb2e7e83c5c5418b9  cyrus-sasl-1.5.24-26.src.rpm

i386:
0ecb1995b05aebf41e8c609b367e902f  cyrus-sasl-1.5.24-26.i386.rpm
846a21bc2e1a84f37f9f43f973ebda44  cyrus-sasl-devel-1.5.24-26.i386.rpm
9d29af70b1dd3a98f8eba31fa796d338  cyrus-sasl-gssapi-1.5.24-26.i386.rpm
ddaf1332b6bdad447e1550fccab267eb  cyrus-sasl-md5-1.5.24-26.i386.rpm
67c7f02257346ccbc236a02bbac49925  cyrus-sasl-plain-1.5.24-26.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm
adf38e226dfa211bb2e7e83c5c5418b9  cyrus-sasl-1.5.24-26.src.rpm

i386:
0ecb1995b05aebf41e8c609b367e902f  cyrus-sasl-1.5.24-26.i386.rpm
846a21bc2e1a84f37f9f43f973ebda44  cyrus-sasl-devel-1.5.24-26.i386.rpm
9d29af70b1dd3a98f8eba31fa796d338  cyrus-sasl-gssapi-1.5.24-26.i386.rpm
ddaf1332b6bdad447e1550fccab267eb  cyrus-sasl-md5-1.5.24-26.i386.rpm
67c7f02257346ccbc236a02bbac49925  cyrus-sasl-plain-1.5.24-26.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cyrus-sasl-2.1.15-10.src.rpm
a9cde51259dec493061ea0e03bf04537  cyrus-sasl-2.1.15-10.src.rpm

i386:
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
55541276383fa24ed49fc40be3720263  cyrus-sasl-devel-2.1.15-10.i386.rpm
b4cb1b1d9f43c06371a85eac06de92ac  cyrus-sasl-gssapi-2.1.15-10.i386.rpm
4c481245bb88965e5501f787f67fb863  cyrus-sasl-md5-2.1.15-10.i386.rpm
3567df72f78bec2755943a2be732dbbb  cyrus-sasl-plain-2.1.15-10.i386.rpm

ia64:
aa10aabc5083f29c91fc21b9b5e34081  cyrus-sasl-2.1.15-10.ia64.rpm
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
25ff6248dc2c62835be4db608cfcd2b5  cyrus-sasl-devel-2.1.15-10.ia64.rpm
e22e44ff1ef945b6f13cab172380e53d  cyrus-sasl-gssapi-2.1.15-10.ia64.rpm
90c8505c7c4e6e6657332c604b83a43c  cyrus-sasl-md5-2.1.15-10.ia64.rpm
baa93f3bfb4dfae22b5a2971e9b83e35  cyrus-sasl-plain-2.1.15-10.ia64.rpm

ppc:
b2bddd0010bd1340b753617edcb90caa  cyrus-sasl-2.1.15-10.ppc.rpm
b110c26ced4d8557524e53ccc26ed46d  cyrus-sasl-devel-2.1.15-10.ppc.rpm
3bf9b253bbd5e280367b85fa99f99e8c  cyrus-sasl-gssapi-2.1.15-10.ppc.rpm
879100afe15b6641808e979edeef445c  cyrus-sasl-md5-2.1.15-10.ppc.rpm
8c8efc6cccb8cb3a09313133fbf912d6  cyrus-sasl-plain-2.1.15-10.ppc.rpm

ppc64:
edbd0ed195134adf55d2619ae86294ef  cyrus-sasl-2.1.15-10.ppc64.rpm

s390:
51f034feb0c6ff15940fa9ee8825b313  cyrus-sasl-2.1.15-10.s390.rpm
21d68bbf2ec87862ea962bb425803dca  cyrus-sasl-devel-2.1.15-10.s390.rpm
01ee5010919fe6810390042efe14fdb8  cyrus-sasl-gssapi-2.1.15-10.s390.rpm
b46dec0bfe0cd3d00b73d76e93c99ef0  cyrus-sasl-md5-2.1.15-10.s390.rpm
4d77001213929ab7dc7b0f29f8b864dc  cyrus-sasl-plain-2.1.15-10.s390.rpm

s390x:
993b18d386a38b63013cf3036907a81d  cyrus-sasl-2.1.15-10.s390x.rpm
51f034feb0c6ff15940fa9ee8825b313  cyrus-sasl-2.1.15-10.s390.rpm
8aafa73a49830c989bd0c41733ac4d16  cyrus-sasl-devel-2.1.15-10.s390x.rpm
9a758c6607181142de0754bad0472f6a  cyrus-sasl-gssapi-2.1.15-10.s390x.rpm
53d9d697764a09700b9fd09fb0367fc8  cyrus-sasl-md5-2.1.15-10.s390x.rpm
7183d87047ab36d80499dd74d3944927  cyrus-sasl-plain-2.1.15-10.s390x.rpm

x86_64:
6719a7d1f5aab57f890983c7b067a77f  cyrus-sasl-2.1.15-10.x86_64.rpm
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
e1ab3ddf06867ebee94eb8d30acc0bea  cyrus-sasl-devel-2.1.15-10.x86_64.rpm
2176eb0408120e072a9ea434d970d656  cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm
a84b19147e50c5f3690356686d31f1bd  cyrus-sasl-md5-2.1.15-10.x86_64.rpm
434fb1bc67c4f98a84a7fc641b71fe3f  cyrus-sasl-plain-2.1.15-10.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cyrus-sasl-2.1.15-10.src.rpm
a9cde51259dec493061ea0e03bf04537  cyrus-sasl-2.1.15-10.src.rpm

i386:
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
55541276383fa24ed49fc40be3720263  cyrus-sasl-devel-2.1.15-10.i386.rpm
b4cb1b1d9f43c06371a85eac06de92ac  cyrus-sasl-gssapi-2.1.15-10.i386.rpm
4c481245bb88965e5501f787f67fb863  cyrus-sasl-md5-2.1.15-10.i386.rpm
3567df72f78bec2755943a2be732dbbb  cyrus-sasl-plain-2.1.15-10.i386.rpm

x86_64:
6719a7d1f5aab57f890983c7b067a77f  cyrus-sasl-2.1.15-10.x86_64.rpm
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
e1ab3ddf06867ebee94eb8d30acc0bea  cyrus-sasl-devel-2.1.15-10.x86_64.rpm
2176eb0408120e072a9ea434d970d656  cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm
a84b19147e50c5f3690356686d31f1bd  cyrus-sasl-md5-2.1.15-10.x86_64.rpm
434fb1bc67c4f98a84a7fc641b71fe3f  cyrus-sasl-plain-2.1.15-10.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cyrus-sasl-2.1.15-10.src.rpm
a9cde51259dec493061ea0e03bf04537  cyrus-sasl-2.1.15-10.src.rpm

i386:
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
55541276383fa24ed49fc40be3720263  cyrus-sasl-devel-2.1.15-10.i386.rpm
b4cb1b1d9f43c06371a85eac06de92ac  cyrus-sasl-gssapi-2.1.15-10.i386.rpm
4c481245bb88965e5501f787f67fb863  cyrus-sasl-md5-2.1.15-10.i386.rpm
3567df72f78bec2755943a2be732dbbb  cyrus-sasl-plain-2.1.15-10.i386.rpm

ia64:
aa10aabc5083f29c91fc21b9b5e34081  cyrus-sasl-2.1.15-10.ia64.rpm
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
25ff6248dc2c62835be4db608cfcd2b5  cyrus-sasl-devel-2.1.15-10.ia64.rpm
e22e44ff1ef945b6f13cab172380e53d  cyrus-sasl-gssapi-2.1.15-10.ia64.rpm
90c8505c7c4e6e6657332c604b83a43c  cyrus-sasl-md5-2.1.15-10.ia64.rpm
baa93f3bfb4dfae22b5a2971e9b83e35  cyrus-sasl-plain-2.1.15-10.ia64.rpm

x86_64:
6719a7d1f5aab57f890983c7b067a77f  cyrus-sasl-2.1.15-10.x86_64.rpm
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
e1ab3ddf06867ebee94eb8d30acc0bea  cyrus-sasl-devel-2.1.15-10.x86_64.rpm
2176eb0408120e072a9ea434d970d656  cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm
a84b19147e50c5f3690356686d31f1bd  cyrus-sasl-md5-2.1.15-10.x86_64.rpm
434fb1bc67c4f98a84a7fc641b71fe3f  cyrus-sasl-plain-2.1.15-10.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cyrus-sasl-2.1.15-10.src.rpm
a9cde51259dec493061ea0e03bf04537  cyrus-sasl-2.1.15-10.src.rpm

i386:
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
55541276383fa24ed49fc40be3720263  cyrus-sasl-devel-2.1.15-10.i386.rpm
b4cb1b1d9f43c06371a85eac06de92ac  cyrus-sasl-gssapi-2.1.15-10.i386.rpm
4c481245bb88965e5501f787f67fb863  cyrus-sasl-md5-2.1.15-10.i386.rpm
3567df72f78bec2755943a2be732dbbb  cyrus-sasl-plain-2.1.15-10.i386.rpm

ia64:
aa10aabc5083f29c91fc21b9b5e34081  cyrus-sasl-2.1.15-10.ia64.rpm
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
25ff6248dc2c62835be4db608cfcd2b5  cyrus-sasl-devel-2.1.15-10.ia64.rpm
e22e44ff1ef945b6f13cab172380e53d  cyrus-sasl-gssapi-2.1.15-10.ia64.rpm
90c8505c7c4e6e6657332c604b83a43c  cyrus-sasl-md5-2.1.15-10.ia64.rpm
baa93f3bfb4dfae22b5a2971e9b83e35  cyrus-sasl-plain-2.1.15-10.ia64.rpm

x86_64:
6719a7d1f5aab57f890983c7b067a77f  cyrus-sasl-2.1.15-10.x86_64.rpm
4e7a31beac1f79bda62f5715686ed652  cyrus-sasl-2.1.15-10.i386.rpm
e1ab3ddf06867ebee94eb8d30acc0bea  cyrus-sasl-devel-2.1.15-10.x86_64.rpm
2176eb0408120e072a9ea434d970d656  cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm
a84b19147e50c5f3690356686d31f1bd  cyrus-sasl-md5-2.1.15-10.x86_64.rpm
434fb1bc67c4f98a84a7fc641b71fe3f  cyrus-sasl-plain-2.1.15-10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

7. References:

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c.diff?r1=1.103&r2=1.104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0884

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBZb8FXlSAg2UNWIIRAnb+AKCMDcyrEhAuiH71iIy5J9kiLhwYTQCcCWIM
hIm3/gTOclZWmShyow4QVXw=
=dPAp
- - - -----END PGP SIGNATURE-----

- - - --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@xxxxxxxxxxxxxx and we will forward your request to the appropriate person.






- - ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- - ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- - ----------------------------------------------------------------------------------


- ----------------------------------------------------------------------------------
Acknowledgements

UNIRAS wishes to acknowledge the contributions of AusCERT for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
Digital Signature

This advisory has been digitally signed by GnuGP so that its readership
is able to confirm its integrity. The NISCC Public key is available
from http://www.niscc.gov.uk/niscc/faq-en.html.

NB: This is currently the sole purpose for this particular key, if you
need to send Not Protectively Marked or sensitive material to UNIRAS then
its PGP Public Key should be used and this is also available from
http://www.niscc.gov.uk/niscc/faq-en.html.
- ----------------------------------------------------------------------------------
Updates

This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.
- ----------------------------------------------------------------------------------
Legal Disclaimer

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.
- ----------------------------------------------------------------------------------
FIRST

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large.
- ----------------------------------------------------------------------------------
Contacts

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via EMail to:
uniras@xxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBZq0Hu3T4tp2zMUkRAuy2AJ4itUGN/algGJBNgIiM89+BbRzLegCdHz4K
ECNRTr+gKN/wvEXUYDgJl5Y=
=uh56
-----END PGP SIGNATURE-----