| Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability note CVE-2010-0301
maildrop: privilege elevation
Synthesis of the vulnerability
| When emails are delivered with maildrop, a local attacker can acquire privileges of the root group. |
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Means of attack: 1 attack.
Ability of attacker: technician (2/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 28/01/2010.
|
Impacted products
Description of the vulnerability
The maildrop program delivers local messages and filters them. This command is for example called by root:
maildrop -d user_who_receives_the_email
The email recipient can then have a ~/.mailfilter file containing commands to execute, in order to filter the mail.
The maildrop command looses root privileges, and acquires privileges of the user, before executing commands of the filtering file. However, additional groups are not limited to user's group. The root (0) additional group is therefore kept.
When emails are delivered with maildrop, a local attacker can thus acquire privileges of the root group. |
Characteristics
Title: maildrop: privilege elevation
Identifiers: 564601, BID-37984, CVE-2010-0301, DSA 1981-1, DSA 1981-2, FEDORA-2010-1863, FEDORA-2010-1927, MDVSA-2010:038, VIGILANCE-VUL-9389.
Url: https://vigilance.fr/tree/1/9389
|
Information sources
Solutions for this vulnerability
Supplements
|
