Synopsis :

The remote Fedora Core host is missing a security update.

Description :

At application startup, libsasl and libsasl2 attempt to build a list
of all SASL plug-ins which are available on the system. To do so, the
libraries search for and attempt to load every shared library found
within the plug-in directory. This location can be set with the
SASL_PATH environment variable.

In situations where an untrusted local user can affect the environment
of a privileged process, this behavior could be exploited to run
arbitrary code with the privileges of a setuid or setgid application.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0884 to this issue.

Users of cyrus-sasl should upgrade to these updated packages, which
contain backported patches and are not vulnerable to this issue.

See also :

http://www.nessus.org/u?df3a72f4

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)