Insecure permission handling in maildrop might allow local attackers to elevate their privileges.
|Package||mail-filter/maildrop on all architectures|
|Affected versions||< 2.4.2|
|Unaffected versions||>= 2.4.2|
maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server.
Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root.
A local attacker could create a specially crafted .mailfilter file, possibly leading to the execution of arbitrary commands with the "root" group privileges. NOTE: Successful exploitation requires that maildrop is run as root with the -d option.
There is no known workaround at this time.
All maildrop users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-filter/maildrop-2.4.2"
September 06, 2010
September 06, 2010: 01