oss-sec mailing list archives
Re: CVE id request: maildrop
From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Thu, 28 Jan 2010 14:31:24 +0100
Hi Josh On Thu, 28 Jan 2010 01:53:41 pm Josh Bressers wrote:
----- "Steffen Joeris" <steffen.joeris () skolelinux de> wrote:Could I please get a CVE id for this privilege escalation bug[0] in maildrop? Cheers Steffen [0]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601Can you sum this up in a few sentences? I'm having a horrible time following that bug.
From the DSA text: Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges. The issue occurs when invoking maildrop -d, which keeps the root group privileges on the mailbox rather than changing them to the users gid. Cheers Steffen
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE id request: maildrop Steffen Joeris (Jan 27)
- Re: CVE id request: maildrop Josh Bressers (Jan 28)
- Re: CVE id request: maildrop Steffen Joeris (Jan 28)
- Re: CVE id request: maildrop Josh Bressers (Jan 28)
- Re: CVE id request: maildrop Steffen Joeris (Jan 28)
- Re: CVE id request: maildrop Josh Bressers (Jan 28)