16 matches found
Gentoo Security Advisory GLSA 201009-02 (maildrop)
The remote host is missing updates announced in advisory GLSA 201009-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 201009-02 (maildrop)
The remote host is missing updates announced in advisory GLSA 201009-02. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Fedora 11 : maildrop-2.4.0-12.fc11 (2010-1927)
This update brings maildrop to the latest upstream version closing CVE-2010-0301. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora Update for maildrop FEDORA-2010-1863
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian DSA-1981-1 : maildrop - privilege escalation
Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Mandriva Update for maildrop MDVSA-2010:038 (maildrop)
Check for the Version of maildrop OpenVAS Vulnerability Test Mandriva Update for maildrop MDVSA-2010:038 maildrop Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
maildrop 2.3.0本地权限提升漏洞
CVE ID: CVE-2010-0301 maildrop是带有过滤功能的邮件传输代理。 如果root用户以-d选项运行maildrop,则main.C使用了root的gid执行用户主目录中的.mailfilter,这允许本地用户通过特制文件获得权限提升。成功攻击要求maildrop编译为没有设置RESETGID,如邮件目录没有使用粘着位。 Double Precision Inc. maildrop 2.3.0 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1981-1)以及相应补丁: DSA-1981-1:New maildrop...
CVE-2010-0301
main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file...
CVE-2010-0301
main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file...
CVE-2010-0301
main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file...
CVE-2010-0301
Affected software: maildrop (2.3.0 and earlier). Root-privilege escalation path: when run by root with the -d option, maildrop executes the user’s .mailfilter file using root GID, allowing local privilege escalation. Impact: arbitrary commands with root privileges if a crafted .mailfilter is prov...
CVE-2010-0301
main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file...
CVE-2010-0301
main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file...
[SECURITY] [DSA 1981-2] New maildrop packages fix regression
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1981-2 [email protected] http://www.debian.org/security/ Steffen Joeris January 28, 2010 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-1981-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 1981-2] New maildrop packages fix regression
------------------------------------------------------------------------ Debian Security Advisory DSA-1981-2 [email protected] http://www.debian.org/security/ Steffen Joeris January 28, 2010 http://www.debian.org/security/faq -...