Loading
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
Use Cyrus vendor hub and Sasl product page to widen CVE-2004-0884 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2005-0373, CVE-2002-2043 and CVE-2006-1721 for nearby disclosures in the same product family.