CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
27.5%
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.
Vendor | Product | Version | CPE |
---|---|---|---|
maildrop | maildrop | 0.50 | cpe:2.3:a:maildrop:maildrop:0.50:*:*:*:*:*:*:* |
maildrop | maildrop | 0.51 | cpe:2.3:a:maildrop:maildrop:0.51:*:*:*:*:*:*:* |
maildrop | maildrop | 0.51b | cpe:2.3:a:maildrop:maildrop:0.51b:*:*:*:*:*:*:* |
maildrop | maildrop | 0.51c | cpe:2.3:a:maildrop:maildrop:0.51c:*:*:*:*:*:*:* |
maildrop | maildrop | 0.54 | cpe:2.3:a:maildrop:maildrop:0.54:*:*:*:*:*:*:* |
maildrop | maildrop | 0.54a | cpe:2.3:a:maildrop:maildrop:0.54a:*:*:*:*:*:*:* |
maildrop | maildrop | 0.54b | cpe:2.3:a:maildrop:maildrop:0.54b:*:*:*:*:*:*:* |
maildrop | maildrop | 0.55 | cpe:2.3:a:maildrop:maildrop:0.55:*:*:*:*:*:*:* |
maildrop | maildrop | 0.55a | cpe:2.3:a:maildrop:maildrop:0.55a:*:*:*:*:*:*:* |
maildrop | maildrop | 0.55b | cpe:2.3:a:maildrop:maildrop:0.55b:*:*:*:*:*:*:* |