diff options
author | Neil McGovern <neilm@debian.org> | 2005-09-03 14:46:03 +0000 |
---|---|---|
committer | Neil McGovern <neilm@debian.org> | 2005-09-03 14:46:03 +0000 |
commit | 83632fefd999961a98b925c7e1f3997e2c7d4634 (patch) | |
tree | 48631484934b174c0361a73e745f60dd19b479ba /data/DTSA/advs/11-maildrop.adv | |
parent | 10c833823154e563f6cd75eccc02e45717cb5e90 (diff) |
Last .adv
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1797 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs/11-maildrop.adv')
-rw-r--r-- | data/DTSA/advs/11-maildrop.adv | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/data/DTSA/advs/11-maildrop.adv b/data/DTSA/advs/11-maildrop.adv new file mode 100644 index 0000000000..4d7d531370 --- /dev/null +++ b/data/DTSA/advs/11-maildrop.adv @@ -0,0 +1,17 @@ +dtsa: DTSA-11-1 +source: maildrop +date: August 29th, 2005 +author: Andres Salomon +vuln-type: local privilege escalation +problem-scope: local +debian-specific: yes +cve: CAN-2005-2655 +testing-fix: 1.5.3-1.1etch1 +sid-fix: 1.5.3-2 + +The lockmail binary shipped with maildrop allows for an attacker to +obtain an effective gid as group "mail". Debian ships the binary with its +setgid bit set, but the program does not drop privileges when run. It takes +an argument that is executed, and since it does not drop privileges, an +attacker can execute an arbitrary command with an effective gid of the "mail" +group. |