Maildrop Privilege Escalation Vulnerability Network Vulnerability

Summary

This host is installed Maildrop and is prone to Privilege Escalation vulnerability

Impact

Successful exploitation will allow local users to gain elevated privileges. Impact Level: Application.

Solution

Upgrade to Maildrop version 2.4.0 For updates refer to http://sourceforge.net/projects/courier/files/

Insight

The flaw is due to the error in the 'maildrop/main.C', when run by root with the '-d' option, uses the gid of root for execution of the mailfilter file in a user's home directory.

Affected

Maildrop version 2.3.0 and prior.

References

http://secunia.com/advisories/38367
http://securitytracker.com/alerts/2010/Jan/1023515.html
http://xforce.iss.net/xforce/xfdb/55980

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0301
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Avaya P330 Stackable Switch found with default password
Allied Telesyn Router/Switch found with default password
AirConnect Default Password
Dovecot ACL Plugin Security Bypass Vulnerabilities
Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability

Take action and discover your vulnerabilities