CVE-2010-0301

Sažetak

main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601
http://marc.info/?l=oss-security&m=126462927918840&w=2
http://marc.info/?l=oss-security&m=126468324913920&w=2
http://marc.info/?l=oss-security&m=126468551017070&w=2
http://marc.info/?l=oss-security&m=126468618017829&w=2
http://secunia.com/advisories/38367
http://secunia.com/advisories/38374
http://securitytracker.com/id?1023515
http://www.courier-mta.org/maildrop/changelog.html
http://www.debian.org/security/2010/dsa-1981
https://bugzilla.redhat.com/show_bug.cgi?id=559681
https://exchange.xforce.ibmcloud.com/vulnerabilities/55980

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-08-2017 - 01:31

Objavljeno

04-02-2010 - 20:15