5 matches found
CVE-2005-2655
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments...
Debian DSA-791-1 : maildrop - missing privilege release
Max Vozeler discovered that the lockmail program from maildrop, a simple mail delivery agent with filtering abilities, does not drop group privileges before executing commands given on the commandline, allowing an attacker to execute arbitrary commands with privileges of the group mail...
CVE-2005-2655
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments...
[SECURITY] [DSA 791-1] New maildrop packages fix arbitrary group mail command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 791-1 [email protected] http://www.debian.org/security/ Martin Schulze August 30th, 2005 http://www.debian.org/security/faq -...
CVE-2005-2655
CVE-2005-2655 affects maildrop’s lockmail component; prior to version 1.5.3, it does not drop group privileges before executing commands, enabling local privilege escalation via command-line arguments. Debian’s DSA-791-1 fixes this by updating maildrop to 1.5.3-1.1sarge1 (stable) and 1.5.3-2 (sid...