Lucene search
DebianCVE-2005-2655HistoryAug 30, 2005 - 5:03 p.m.
CVE-2005-2655
2005-08-3017:03:00
debian
web.nvd.nist.gov
31
cve-2005-2655
lockmail
maildrop
privilege escalation
local exploit
nvd
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.5
Confidence
Low
EPSS
0.001
Percentile
27.5%
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.
Affected configurations
Node
maildropmaildropMatch0.50
ORmaildropmaildropMatch0.51
ORmaildropmaildropMatch0.51b
ORmaildropmaildropMatch0.51c
ORmaildropmaildropMatch0.54
ORmaildropmaildropMatch0.54a
ORmaildropmaildropMatch0.54b
ORmaildropmaildropMatch0.55
ORmaildropmaildropMatch0.55a
ORmaildropmaildropMatch0.55b
ORmaildropmaildropMatch0.55c
ORmaildropmaildropMatch0.60
ORmaildropmaildropMatch0.61
ORmaildropmaildropMatch0.62
ORmaildropmaildropMatch0.63
ORmaildropmaildropMatch0.64
ORmaildropmaildropMatch0.65
ORmaildropmaildropMatch0.70
ORmaildropmaildropMatch0.71
ORmaildropmaildropMatch0.72
ORmaildropmaildropMatch0.73
ORmaildropmaildropMatch0.74
ORmaildropmaildropMatch0.75
ORmaildropmaildropMatch0.76
ORmaildropmaildropMatch0.99.1
ORmaildropmaildropMatch0.99.2
ORmaildropmaildropMatch1.0
ORmaildropmaildropMatch1.1
ORmaildropmaildropMatch1.2
ORmaildropmaildropMatch1.2.1
ORmaildropmaildropMatch1.2.2
ORmaildropmaildropMatch1.3.0
ORmaildropmaildropMatch1.3.1
ORmaildropmaildropMatch1.3.3
ORmaildropmaildropMatch1.3.4
ORmaildropmaildropMatch1.3.5
ORmaildropmaildropMatch1.3.6
ORmaildropmaildropMatch1.3.7
ORmaildropmaildropMatch1.3.8
ORmaildropmaildropMatch1.3.9
ORmaildropmaildropMatch1.4.0
ORmaildropmaildropMatch1.5.0
ORmaildropmaildropMatch1.5.1
ORmaildropmaildropMatch1.5.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| maildrop | maildrop | 0.50 | cpe:2.3:a:maildrop:maildrop:0.50:*:*:*:*:*:*:* |
| maildrop | maildrop | 0.51 | cpe:2.3:a:maildrop:maildrop:0.51:*:*:*:*:*:*:* |
| maildrop | maildrop | 0.51b | cpe:2.3:a:maildrop:maildrop:0.51b:*:*:*:*:*:*:* |
| maildrop | maildrop | 0.51c | cpe:2.3:a:maildrop:maildrop:0.51c:*:*:*:*:*:*:* |
| maildrop | maildrop | 0.54 | cpe:2.3:a:maildrop:maildrop:0.54:*:*:*:*:*:*:* |
| maildrop | maildrop | 0.54a | cpe:2.3:a:maildrop:maildrop:0.54a:*:*:*:*:*:*:* |
| maildrop | maildrop | 0.54b | cpe:2.3:a:maildrop:maildrop:0.54b:*:*:*:*:*:*:* |
| maildrop | maildrop | 0.55 | cpe:2.3:a:maildrop:maildrop:0.55:*:*:*:*:*:*:* |
| maildrop | maildrop | 0.55a | cpe:2.3:a:maildrop:maildrop:0.55a:*:*:*:*:*:*:* |
| maildrop | maildrop | 0.55b | cpe:2.3:a:maildrop:maildrop:0.55b:*:*:*:*:*:*:* |
References
Related
debian
debian
debiancve
debiancve
CVE-2005-2655
2005-08-30 17:03:00
openvas
openvas
Debian: Security Advisory (DSA-791-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 791-1 (maildrop)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-791-1 : maildrop - missing privilege release
2005-09-06 00:00:00
nvd
nvd
CVE-2005-2655
2005-08-30 17:03:00
cvelist
cvelist
CVE-2005-2655
2005-08-30 04:00:00
ubuntucve
ubuntucve
CVE-2005-2655
2005-08-30 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.5
Confidence
Low
EPSS
0.001
Percentile
27.5%
Related for CVE-2005-2655