Computer Security

CVE-2010-0301
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2010-0301
StatusCandidate
Descriptionmain.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.
SeverityMedium
CVSS score6,9
CVSS vector(AV:L/AC:M/Au:N/C:C/I:C/A:C)
PhaseAssigned (06.01.2011)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0301
ReferencesCONFIRM : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...
 CONFIRM : http://www.courier-mta.org/maildrop/changelog.html
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=559681
 DEBIAN : DSA-1981
 MLIST : [oss-security] 20100127 CVE id request: maildrop
 MLIST : [oss-security] 20100128 Re: CVE id request: maildrop
 MLIST : [oss-security] 20100128 Re: CVE id request: maildrop
 MLIST : [oss-security] 20100128 Re: CVE id request: maildrop
 SECTRACK : 1023515
 SECUNIA : 38367
 SECUNIA : 38374
 XF : maildrop-group-priv-escalation(55980)
SecurityVulns:maildrop privilege escalation
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server