Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201009-02
HistorySep 06, 2010 - 12:00 a.m.

Maildrop: privilege escalation

2010-09-0600:00:00
Gentoo Foundation
security.gentoo.org
8

0.0004 Low

EPSS

Percentile

5.2%

JSON

Background

maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server.

Description

Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root.

Impact

A local attacker could create a specially crafted .mailfilter file, possibly leading to the execution of arbitrary commands with the “root” group privileges. NOTE: Successful exploitation requires that maildrop is run as root with the -d option.

Workaround

There is no known workaround at this time.

Resolution

All maildrop users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-filter/maildrop-2.4.2"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmail-filter/maildrop< 2.4.2UNKNOWN

Related

openvas 14
nessus 4
debiancve 1
prion 1
securityvulns 2
fedora 2
cvelist 1
debian 1
cve 1
seebug 1
ubuntucve 1
openvas
openvas
Fedora Update for maildrop FEDORA-2010-1927
2010-03-02 00:00:00
Gentoo Security Advisory GLSA 201009-02 (maildrop)
2011-03-09 00:00:00
Fedora Update for maildrop FEDORA-2010-1927
2010-03-02 00:00:00
nessus
nessus
GLSA-201009-02 : Maildrop: privilege escalation
2010-09-07 00:00:00
Fedora 12 : maildrop-2.4.0-12.fc12 (2010-1863)
2010-07-01 00:00:00
Debian DSA-1981-1 : maildrop - privilege escalation
2010-02-24 00:00:00
debiancve
debiancve
CVE-2010-0301
2010-02-04 20:15:00
prion
prion
Code injection
2010-02-04 20:15:00
securityvulns
securityvulns
[SECURITY] [DSA 1981-2] New maildrop packages fix regression
2010-02-04 00:00:00
maildrop privilege escalation
2010-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: maildrop-2.4.0-12.fc12
2010-02-16 13:10:19
[SECURITY] Fedora 11 Update: maildrop-2.4.0-12.fc11
2010-02-16 13:21:49
cvelist
cvelist
CVE-2010-0301
2010-02-04 18:00:00
debian
debian
[SECURITY] [DSA 1981-2] New maildrop packages fix regression
2010-01-28 20:20:03
cve
cve
CVE-2010-0301
2010-02-04 20:15:00
seebug
seebug
maildrop 2.3.0本地权限提升漏洞
2010-02-06 00:00:00
ubuntucve
ubuntucve
CVE-2010-0301
2010-02-04 00:00:00

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for GLSA-201009-02
openvas14nessus4debiancve1prion1securityvulns2fedora2cvelist1debian1cve1seebug1ubuntucve1