Maildrop Privilege Escalation Vulnerability Network Vulnerability

Summary

This host is installed Maildrop and is prone to Privilege Escalation vulnerability

Impact

Successful exploitation will allow local users to gain elevated privileges. Impact Level: Application.

Solution

Upgrade to Maildrop version 2.4.0 For updates refer to http://sourceforge.net/projects/courier/files/

Insight

The flaw is due to the error in the 'maildrop/main.C', when run by root with the '-d' option, uses the gid of root for execution of the mailfilter file in a user's home directory.

Affected

Maildrop version 2.3.0 and prior.

References

http://secunia.com/advisories/38367
http://securitytracker.com/alerts/2010/Jan/1023515.html
http://xforce.iss.net/xforce/xfdb/55980

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0301

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

VMware Tools Local Privilege Escalation Vulnerability (Linux)
HP Linux Imaging and Printing System Security Bypass Vulnerability
Dovecot ACL Plugin Security Bypass Vulnerabilities
3Com Superstack 3 switch with default password
Avaya P330 Stackable Switch found with default password

Take action and discover your vulnerabilities