oss-sec mailing list archives

Re: CVE id request: maildrop

From: Josh Bressers <bressers () redhat com>
Date: Thu, 28 Jan 2010 08:42:36 -0500 (EST)

----- "Steffen Joeris" <steffen.joeris () skolelinux de> wrote:


Christoph Anton Mitterer discovered that maildrop, a mail delivery agent
with filtering abilities, is prone to a privilege escalation issue that
grants a user root group privileges.


The issue occurs when invoking maildrop -d, which keeps the root group
privileges on the mailbox rather than changing them to the users gid.

[0]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601


Use CVE-2010-0301.

Thanks.

-- 
    JB

Current thread:

CVE id request: maildrop Steffen Joeris (Jan 27)
- Re: CVE id request: maildrop Josh Bressers (Jan 28)
  - Re: CVE id request: maildrop Steffen Joeris (Jan 28)
    - Re: CVE id request: maildrop Josh Bressers (Jan 28)