================================== Deliver, multiple vulnerabilites March 24, 2010 CVE-2010-0439 ================================== ==Description== Deliver (http://deliver.sourceforge.net/), a mail delivery program installed suid root as /usr/bin/deliver, is vulnerable to several race conditions that can be exploited by a local attacker using symbolic links. On systems using Deliver over NFS, these attacks can result in gaining root privileges via taking ownership of critical system files. On other systems, these attacks can result in denial-of-service conditions and information disclosure. In addition, users can deny service to other users by creating lockfiles for other users' mailboxes. ==Solution== Users are advised to discontinue use of Deliver in the absence of a patch or new release from the developer. ==Credits== These vulnerabilities were discovered by Dan Rosenberg (dan.j.rosenberg (at) gmail (dot) com [email concealed]). ==Timeline== 1/14/10 - Vulnerabilities discovered 1/27/10 - Developer notified 1/27/10 - Developer response, fix planned 3/20/10 - Fix deadlines repeatedly passed, disclosure date set at 3/24/10 3/24/10 - Disclosure ==References== CVE identifier CVE-2010-0439 has been assigned to these issues.