Joined: 12 May 2004
|Posted: Mon Sep 06, 2010 9:26 pm Post subject: [ GLSA 201009-02 ] Maildrop: privilege escalation
|Gentoo Linux Security Advisory
Title: Maildrop: privilege escalation (GLSA 201009-02)
Date: September 06, 2010
Insecure permission handling in maildrop might allow local attackers to
elevate their privileges.
maildrop is the mail filter/mail delivery agent that is used by the
Courier Mail Server.
Vulnerable: < 2.4.2
Unaffected: >= 2.4.2
Architectures: All supported architectures
Christoph Anton Mitterer reported that maildrop does not properly drop
its privileges when run as root.
A local attacker could create a specially crafted .mailfilter file,
possibly leading to the execution of arbitrary commands with the "root"
group privileges. NOTE: Successful exploitation requires that maildrop
is run as root with the -d option.
There is no known workaround at this time.
All maildrop users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/maildrop-2.4.2"