Maildrop Lets Local Users Gain Elevated Group Privileges - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (E-mail Server) > Maildrop

Vendors: Double Precision, Inc.

Maildrop Lets Local Users Gain Elevated Group Privileges

SecurityTracker Alert ID: 1023515

SecurityTracker URL: http://securitytracker.com/id/1023515

CVE Reference: CVE-2010-0301 (Links to External Site)

Updated: Feb 9 2010

Original Entry Date: Jan 28 2010

Impact: Root access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2.3.0

Description: A vulnerability was reported in Maildrop. A local user can obtain elevated privileges on the target system.

On systems where the mail directory does not use the sticky bit, the '-d' command switch does not properly change the group privileges. A local user can obtain root group privileges.

The vulnerability resides in 'maildrop/main.C'.

Christoph Anton Mitterer reported this vulnerability.

Impact: A local user can obtain root group privileges on the target system.

Solution: The vendor has issued a source code fix.

Vendor URL: www.courier-mta.org/maildrop/ (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any), UNIX (Any)

Message History: None.

Source Message Contents

Date: Thu, 28 Jan 2010 13:14:37 +0000
Subject: Maildrop


http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC