FreeBSD : cyrus-sasl -- dynamic library loading and set-user-ID applications (92268205-1947-11d9-bc4a-000c41e2cdad)
Severity: High
Nessus Plugin ID: 37777
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environment variable SASL_PATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application (such as chsh) uses libsasl, a local attacker may be able to gain superuser privileges.
Solution
Update the affected packages.
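
The condition in the Description, a set-user-ID program honouring a caller-controlled SASL_PATH, is avoided when a library ignores the variable whenever the process runs with elevated IDs. The C code below is an added example, not code from Cyrus SASL or from this advisory; `select_plugin_path`, `DEFAULT_PLUGIN_DIR` and the absolute-path check are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical compiled-in module directory; not taken from the advisory. */
#define DEFAULT_PLUGIN_DIR "/usr/local/lib/sasl2"

/* Set-user-ID and set-group-ID programs run with effective IDs that differ
 * from the invoking user's real IDs. On FreeBSD, issetugid(2) reports this
 * directly; the ID comparison is used here so the example stays portable. */
static int is_privilege_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Choose the directory list to search for loadable modules.
 * env_value is the caller-supplied SASL_PATH and may be NULL. */
const char *select_plugin_path(const char *env_value,
                               uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (is_privilege_elevated(ruid, euid, rgid, egid))
        return DEFAULT_PLUGIN_DIR;      /* never trust the environment here */
    if (env_value == NULL || env_value[0] == '\0')
        return DEFAULT_PLUGIN_DIR;      /* unset or empty variable */
    /* Extra hardening (assumption): every colon-separated entry must be an
     * absolute path, so a relative or empty entry falls back to the default. */
    for (const char *p = env_value; p != NULL; ) {
        if (*p != '/')
            return DEFAULT_PLUGIN_DIR;
        p = strchr(p, ':');
        if (p != NULL)
            p++;
    }
    return env_value;
}

int main(void)
{
    const char *path = select_plugin_path(getenv("SASL_PATH"),
                                          getuid(), geteuid(),
                                          getgid(), getegid());
    printf("module search path: %s\n", path);
    return 0;
}
```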