GLSA 201009-02: Maildrop: privilege escalation

Severity:high
Title:Maildrop: privilege escalation
Date:09/06/2010
Bugs: #308043
ID:201009-02

Synopsis

Insecure permission handling in maildrop might allow local attackers to elevate their privileges.

Background

maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server.

Affected packages

Package Vulnerable Unaffected Architecture(s)
mail-filter/maildrop < 2.4.2 >= 2.4.2 All supported architectures

Description

Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root.

Impact

A local attacker could create a specially crafted .mailfilter file, possibly leading to the execution of arbitrary commands with the "root" group privileges. NOTE: Successful exploitation requires that maildrop is run as root with the -d option.

Workaround

There is no known workaround at this time.

Resolution

All maildrop users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/maildrop-2.4.2"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201009-02.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

Thank you!