Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2004:106)
High Nessus Plugin ID 15435
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered in the libsasl library of cyrus-sasl.
libsasl honors the SASL_PATH environment variable blindly, which could allow a local user to create a malicious 'library' that would get executed with the effective ID of SASL when anything calls libsasl.
The provided packages are patched to protect against this vulnerability.
SolutionUpdate the affected packages.