CVE-2010-0301

Related Files

Gentoo Linux Security Advisory 201009-2

Posted Sep 8, 2010

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201009-2 - Insecure permission handling in maildrop might allow local attackers to elevate their privileges. Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root. Versions less than 2.4.2 are affected.

tags | advisory, local, root

systems | linux, gentoo

advisories | CVE-2010-0301

SHA-256 | 2bfb6f35985ffdffe7307c2836a10362f23cfba6a7ac26e966bdc15cc16b8a84

Download | Favorite | View

Mandriva Linux Security Advisory 2010-038

Posted Feb 16, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-038 - main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the.mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file. The updated packages have been patched to correct this issue.

tags | advisory, local, root

systems | linux, mandriva

advisories | CVE-2010-0301

SHA-256 | a594ca8f9397f7050a0c918b62589d0df31710cea19426d9dd51300c8f33d6ee

Download | Favorite | View

Debian Linux Security Advisory 1981-2

Posted Jan 29, 2010

Authored by Debian | Site debian.org

Debian Linux Security Advisory 1981-2 - The latest DSA for maildrop introduced two regressions. The maildrop program stopped working when invoked as a non-root user, such as with postfix. Also, the lenny version dropped a dependency on the courier-authlib package.

tags | advisory, root

systems | linux, debian

advisories | CVE-2010-0301

SHA-256 | dc9c10eff52a098653f18750b581e99e43503d6ad0570f552ec380e620ccc7c0

Download | Favorite | View