Lucene search

[email protected]NVD:CVE-2010-0301

HistoryFeb 04, 2010 - 8:15 p.m.

CVE-2010-0301

2010-02-0420:15:23

CWE-264

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user’s home directory, which allows local users to gain privileges via a crafted file.

Affected configurations

NVD

Node

maildropmaildropRange≤2.3.0

maildropmaildropMatch0.50

maildropmaildropMatch0.51

maildropmaildropMatch0.51b

maildropmaildropMatch0.51c

maildropmaildropMatch0.54

maildropmaildropMatch0.54a

maildropmaildropMatch0.54b

maildropmaildropMatch0.55

maildropmaildropMatch0.55a

maildropmaildropMatch0.55b

maildropmaildropMatch0.55c

maildropmaildropMatch0.60

maildropmaildropMatch0.61

maildropmaildropMatch0.62

maildropmaildropMatch0.63

maildropmaildropMatch0.64

maildropmaildropMatch0.65

maildropmaildropMatch0.70

maildropmaildropMatch0.71

maildropmaildropMatch0.72

maildropmaildropMatch0.73

maildropmaildropMatch0.74

maildropmaildropMatch0.75

maildropmaildropMatch0.76

maildropmaildropMatch0.99.1

maildropmaildropMatch0.99.2

maildropmaildropMatch1.0

maildropmaildropMatch1.1

maildropmaildropMatch1.2

maildropmaildropMatch1.2.1

maildropmaildropMatch1.2.2

maildropmaildropMatch1.3.0

maildropmaildropMatch1.3.1

maildropmaildropMatch1.3.3

maildropmaildropMatch1.3.4

maildropmaildropMatch1.3.5

maildropmaildropMatch1.3.6

maildropmaildropMatch1.3.7

maildropmaildropMatch1.3.8

maildropmaildropMatch1.3.9

maildropmaildropMatch1.4.0

maildropmaildropMatch1.5.0

maildropmaildropMatch1.5.1

maildropmaildropMatch1.5.2

maildropmaildropMatch1.6.2

maildropmaildropMatch1.6.3

maildropmaildropMatch1.7.0

maildropmaildropMatch1.8.1

maildropmaildropMatch2.0.0

maildropmaildropMatch2.0.1

maildropmaildropMatch2.0.2

maildropmaildropMatch2.0.3

maildropmaildropMatch2.0.4

maildropmaildropMatch2.1

maildropmaildropMatch2.2

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601

marc.info/?l=oss-security&m=126462927918840&w=2

marc.info/?l=oss-security&m=126468324913920&w=2

marc.info/?l=oss-security&m=126468551017070&w=2

marc.info/?l=oss-security&m=126468618017829&w=2

secunia.com/advisories/38367

secunia.com/advisories/38374

securitytracker.com/id?1023515

www.courier-mta.org/maildrop/changelog.html

www.debian.org/security/2010/dsa-1981

bugzilla.redhat.com/show_bug.cgi?id=559681

exchange.xforce.ibmcloud.com/vulnerabilities/55980

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2010-0301

nessus4 openvas14 debiancve1 cvelist1 fedora2 securityvulns2 prion1 cve1 debian1 gentoo1 seebug1 ubuntucve1