This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Fedora Core host is missing a security update.
At application startup, libsasl and libsasl2 attempt to build a list
of all SASL plug-ins which are available on the system. To do so, the
libraries search for and attempt to load every shared library found
within the plug-in directory. This location can be set with the
SASL_PATH environment variable.
In situations where an untrusted local user can affect the environment
of a privileged process, this behavior could be exploited to run
arbitrary code with the privileges of a setuid or setgid application.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0884 to this issue.
Users of cyrus-sasl should upgrade to these updated packages, which
contain backported patches and are not vulnerable to this issue.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.2
Family: Fedora Local Security Checks
Nessus Plugin ID: 15454 (fedora_2004-332.nasl)
CVE ID: CVE-2004-0884