ID CVE-2005-2655 Type cve Reporter NVD Modified 2008-09-05T16:52:20
Description
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.
{"osvdb": [{"lastseen": "2017-04-28T13:20:15", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1014825\n[Secunia Advisory ID:16610](https://secuniaresearch.flexerasoftware.com/advisories/16610/)\nOther Advisory URL: http://www.debian.org/security/2005/dsa-791\n[CVE-2005-2655](https://vulners.com/cve/CVE-2005-2655)\n", "reporter": "OSVDB", "published": "2005-08-30T15:01:15", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "maildrop lockmail Privileged Local Command Execution", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-2655"], "modified": "2005-08-30T15:01:15", "href": "https://vulners.com/osvdb/OSVDB:19083", "id": "OSVDB:19083", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:21", "references": [], "pluginID": "55193", "description": "The remote host is missing an update to maildrop\nannounced via advisory DSA 791-1.\n\nMax Vozeler discoveredt hat the lockmail program from maildrop, a\nsimple mail delivery agent with filtering abilities, does not drop\ngroup privileges before executing commands given on the commandline,\nallowing an attacker to execute arbitrary commands under with group\nmail privileges.\n\nThe old stable distribution (woody) is not affected by this problem.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 791-1 (maildrop)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2655"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55193", "id": "OPENVAS:55193", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_791_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 791-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 1.5.3-1.1sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.5.3-2.\n\nWe recommend that you upgrade your maildrop package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20791-1\";\ntag_summary = \"The remote host is missing an update to maildrop\nannounced via advisory DSA 791-1.\n\nMax Vozeler discoveredt hat the lockmail program from maildrop, a\nsimple mail delivery agent with filtering abilities, does not drop\ngroup privileges before executing commands given on the commandline,\nallowing an attacker to execute arbitrary commands under with group\nmail privileges.\n\nThe old stable distribution (woody) is not affected by this problem.\";\n\n\nif(description)\n{\n script_id(55193);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2655\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 791-1 (maildrop)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"maildrop\", ver:\"1.5.3-1.1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:15:07", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "3", "packageVersion": "(not affected)", "arch": "all", "packageFilename": "maildrop_(not affected)_all.deb", "packageName": "maildrop", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3.1", "packageVersion": "1.5.3-1.1sarge1", "arch": "all", "packageFilename": "maildrop_1.5.3-1.1sarge1_all.deb", "packageName": "maildrop", "operator": "lt"}], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 791-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nAugust 30th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : maildrop\nVulnerability : missing privilege release\nProblem-Type : local\nDebian-specific: yes\nCVE ID : CAN-2005-2655\nDebian Bug : 325135\n\nMax Vozeler discoveredt hat the lockmail program from maildrop, a\nsimple mail delivery agent with filtering abilities, does not drop\ngroup privileges before executing commands given on the commandline,\nallowing an attacker to execute arbitrary commands under with group\nmail privileges.\n\nThe old stable distribution (woody) is not affected by this problem.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.5.3-1.1sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.5.3-2.\n\nWe recommend that you upgrade your maildrop package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1.dsc\n Size/MD5 checksum: 596 e76d7a43dde5122dbabd21b994a32f2f\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1.diff.gz\n Size/MD5 checksum: 22819 3ec43b768cfb2c8b006c5c4a381afc3b\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3.orig.tar.gz\n Size/MD5 checksum: 1009174 5c7727ddff120a339fb9658d6c553462\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_alpha.deb\n Size/MD5 checksum: 363330 5aa987d64b2d28961fb2b1e65b865ea3\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_amd64.deb\n Size/MD5 checksum: 329170 29e4ae76fce86fa5c7b17be3fc06b07f\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_arm.deb\n Size/MD5 checksum: 305936 c99c08496e5aa6f4e48f3cead6cd1041\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_i386.deb\n Size/MD5 checksum: 315316 45a21b635d79fd783a6a4b2ea8eeb0fb\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_ia64.deb\n Size/MD5 checksum: 405646 c2be65e5af7085deafd4c332d624f9b5\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_hppa.deb\n Size/MD5 checksum: 348108 400ddf8ee844b685e683893de2bc7186\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_m68k.deb\n Size/MD5 checksum: 294932 72e7e31ec6408f5a00012141718666d6\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_mips.deb\n Size/MD5 checksum: 348182 f66f3863c068e3f3897ee531f242f4ea\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_mipsel.deb\n Size/MD5 checksum: 348002 6b8b8047154a4aae6ae4a08a26c328a4\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_powerpc.deb\n Size/MD5 checksum: 326702 0b5a94cede67887ce474ca37cd48da54\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_s390.deb\n Size/MD5 checksum: 321620 d7c3b3acc5445e5ca53cf9986a837d81\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_sparc.deb\n Size/MD5 checksum: 307994 0ca7e53ae93ba472527eedda1d92490f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 1, "reporter": "Debian", "published": "2005-08-30T00:00:00", "title": "[SECURITY] [DSA 791-1] New maildrop packages fix arbitrary group mail command execution", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:15:07", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-2655"], "modified": "2005-08-30T00:00:00", "id": "DEBIAN:DSA-791-1:365ED", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00179.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:44:47", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325135", "http://www.debian.org/security/2005/dsa-791"], "pluginID": "19561", "description": "Max Vozeler discovered that the lockmail program from maildrop, a simple mail delivery agent with filtering abilities, does not drop group privileges before executing commands given on the commandline, allowing an attacker to execute arbitrary commands with privileges of the group mail.", "edition": 6, "reporter": "Tenable", "published": "2005-09-06T00:00:00", "title": "Debian DSA-791-1 : maildrop - missing privilege release", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2655"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:maildrop"], "id": "DEBIAN_DSA-791.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19561", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-791. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19561);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2005-2655\");\n script_xref(name:\"DSA\", value:\"791\");\n\n script_name(english:\"Debian DSA-791-1 : maildrop - missing privilege release\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Max Vozeler discovered that the lockmail program from maildrop, a\nsimple mail delivery agent with filtering abilities, does not drop\ngroup privileges before executing commands given on the commandline,\nallowing an attacker to execute arbitrary commands with privileges of\nthe group mail.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-791\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the maildrop package.\n\nThe old stable distribution (woody) is not affected by this problem.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.5.3-1.1sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:maildrop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"maildrop\", reference:\"1.5.3-1.1sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
