RSS   Podatności dla 'Maildrop'   RSS

2010-02-04
 
CVE-2010-0301

CWE-264
 
 
main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.

 
2005-08-30
 
CVE-2005-2655

 
 
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.

 

Copyright 2024, cxsecurity.com

 

Back to Top