Title: RedHat 7.0 Cyrus-SASL Authorization Vulnerability
Severity: MODERATE
Description:
Cyrus-SASL is an open-source implementation of SASL, the "Simple Authentication and Security Layer". The Cyrus-SASL 1.5.24 package that ships with RedHat 7.0 contains a bug in authorization code that may make it possible for an elevation of privileges.
The vulnerability reportedly allows authenticated users to access resources when they may not have the authorization to do so. This bug only affects the distribution of version 1.5.24 that ships with RedHat Linux 7.0. The Cyrus-SASL 1.5.24 package available at the main project ftp site does not contain this bug. Older versions of Cyrus-SASL that shipped with RedHat PowerTools are not vulnerable.
Affected Products:
- Carnegie Mellon University Cyrus-SASL 1.5.24 with RedHat 7.0
- RedHat Linux 7.0.0
References:
- Carnegie Mellon University: Cyrus Project Homepage
- RedHat: Updates, Fixes, and Errata Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
