RedHat 7.0 Cyrus-SASL Authorization Vulnerability

Cyrus-SASL is an open-source implementation of SASL, the "Simple Authentication and Security Layer". The Cyrus-SASL 1.5.24 package that ships with RedHat 7.0 contains a bug in authorization code that may make it possible for an elevation of privileges.

The vulnerability reportedly allows authenticated users to access resources when they may not have the authorization to do so. This bug only affects the distribution of version 1.5.24 that ships with RedHat Linux 7.0. The Cyrus-SASL 1.5.24 package available at the main project ftp site does not contain this bug. Older versions of Cyrus-SASL that shipped with RedHat PowerTools are not vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus