blob: ef10078611a44e4b16abe7846c8339b11d4a4cb1 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="201009-02">
<title>Maildrop: privilege escalation</title>
Insecure permission handling in maildrop might allow local attackers to
elevate their privileges.
<product type="ebuild">maildrop</product>
<announced>September 06, 2010</announced>
<revised>September 06, 2010: 01</revised>
<package name="mail-filter/maildrop" auto="yes" arch="*">
<unaffected range="ge">2.4.2</unaffected>
<vulnerable range="lt">2.4.2</vulnerable>
maildrop is the mail filter/mail delivery agent that is used by the
Courier Mail Server.
Christoph Anton Mitterer reported that maildrop does not properly drop
its privileges when run as root.
<impact type="high">
A local attacker could create a specially crafted .mailfilter file,
possibly leading to the execution of arbitrary commands with the "root"
group privileges. NOTE: Successful exploitation requires that maildrop
is run as root with the -d option.
There is no known workaround at this time.
All maildrop users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=mail-filter/maildrop-2.4.2&quot;</code>
<uri link="">CVE-2010-0301</uri>
<metadata tag="requester" timestamp="Sun, 29 Aug 2010 09:32:26 +0000">
<metadata tag="submitter" timestamp="Fri, 03 Sep 2010 21:46:47 +0000">
<metadata tag="bugReady" timestamp="Fri, 03 Sep 2010 21:46:57 +0000">