[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE id request: maildrop
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-01-28 13:42:36
Message-ID: 945089069.423521264686156478.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- "Steffen Joeris" <steffen.joeris@skolelinux.de> wrote:
>
> Christoph Anton Mitterer discovered that maildrop, a mail delivery agent
> with filtering abilities, is prone to a privilege escalation issue that
> grants a user root group privileges.
>
>
> The issue occurs when invoking maildrop -d, which keeps the root group
> privileges on the mailbox rather than changing them to the users gid.
> [0]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601
Use CVE-2010-0301.
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic