| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability note CVE-2010-0301
maildrop: privilege elevation
Synthesis of the vulnerability
| When emails are delivered with maildrop, a local attacker can acquire privileges of the root group. |
Severity: 2/4.
Creation date: 28/01/2010.
|
Description of the vulnerability
The maildrop program delivers local messages and filters them. This command is for example called by root:
maildrop -d user_who_receives_the_email
The email recipient can then have a ~/.mailfilter file containing commands to execute, in order to filter the mail.
The maildrop command looses root privileges, and acquires privileges of the user, before executing commands of the filtering file. However, additional groups are not limited to user's group. The root (0) additional group is therefore kept.
When emails are delivered with maildrop, a local attacker can thus acquire privileges of the root group. |
Complete Vigil@nce bulletin
Characteristics
Title: maildrop: privilege elevation.
Keywords: elevation maildrop privilege user_who_receives_the_email.
Identifiers: 564601, BID-37984, CVE-2010-0301, DSA 1981-1, DSA 1981-2, FEDORA-2010-1863, FEDORA-2010-1927, MDVSA-2010:038, VIGILANCE-VUL-9389.
|
Information sources
Solutions for this vulnerability
Supplements
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer applications vulnerability
|