'Re: [oss-security] CVE id request: maildrop'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE id request: maildrop
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-01-28 13:42:36
Message-ID: 945089069.423521264686156478.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

----- "Steffen Joeris" <steffen.joeris@skolelinux.de> wrote:
> 
> Christoph Anton Mitterer discovered that maildrop, a mail delivery agent
> with filtering abilities, is prone to a privilege escalation issue that
> grants a user root group privileges.
> 
> 
> The issue occurs when invoking maildrop -d, which keeps the root group
> privileges on the mailbox rather than changing them to the users gid.

> [0]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601

Use CVE-2010-0301.

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic