Insecure permission handling in maildrop might allow local attackers to elevate their privileges.
Package | mail-filter/maildrop on all architectures |
---|---|
Affected versions | < 2.4.2 |
Unaffected versions | >= 2.4.2 |
maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server.
Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root.
A local attacker could create a specially crafted .mailfilter file, possibly leading to the execution of arbitrary commands with the "root" group privileges. NOTE: Successful exploitation requires that maildrop is run as root with the -d option.
There is no known workaround at this time.
All maildrop users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-filter/maildrop-2.4.2"
Release date
September 06, 2010
Latest revision
September 06, 2010: 01
Severity
high
Exploitable
local
Bugzilla entries