oss-sec mailing list archives
Re: CVE id request: maildrop
From: Josh Bressers <bressers () redhat com>
Date: Thu, 28 Jan 2010 08:42:36 -0500 (EST)
----- "Steffen Joeris" <steffen.joeris () skolelinux de> wrote:
Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges. The issue occurs when invoking maildrop -d, which keeps the root group privileges on the mailbox rather than changing them to the users gid.
[0]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601
Use CVE-2010-0301. Thanks. -- JB
Current thread:
- CVE id request: maildrop Steffen Joeris (Jan 27)
- Re: CVE id request: maildrop Josh Bressers (Jan 28)
- Re: CVE id request: maildrop Steffen Joeris (Jan 28)
- Re: CVE id request: maildrop Josh Bressers (Jan 28)
- Re: CVE id request: maildrop Steffen Joeris (Jan 28)
- Re: CVE id request: maildrop Josh Bressers (Jan 28)