path: root/data/DTSA/advs/11-maildrop.adv
author: Neil McGovern <neilm@debian.org> 2005-09-03 14:46:03 +0000
committer: Neil McGovern <neilm@debian.org> 2005-09-03 14:46:03 +0000
commit: 83632fefd999961a98b925c7e1f3997e2c7d4634
tree: 48631484934b174c0361a73e745f60dd19b479ba /data/DTSA/advs/11-maildrop.adv
parent: 10c833823154e563f6cd75eccc02e45717cb5e90
Last .adv
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1797 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs/11-maildrop.adv')
-rw-r--r-- data/DTSA/advs/11-maildrop.adv 17
1 files changed, 17 insertions, 0 deletions
diff --git a/data/DTSA/advs/11-maildrop.adv b/data/DTSA/advs/11-maildrop.adv
new file mode 100644
index 0000000000..4d7d531370
--- /dev/null
+++ b/data/DTSA/advs/11-maildrop.adv
@@ -0,0 +1,17 @@
+dtsa: DTSA-11-1
+source: maildrop
+date: August 29th, 2005
+author: Andres Salomon
+vuln-type: local privilege escalation
+problem-scope: local
+debian-specific: yes
+cve: CAN-2005-2655
+testing-fix: 1.5.3-1.1etch1
+sid-fix: 1.5.3-2
+
+The lockmail binary shipped with maildrop allows for an attacker to
+obtain an effective gid as group "mail". Debian ships the binary with its
+setgid bit set, but the program does not drop privileges when run. It takes
+an argument that is executed, and since it does not drop privileges, an
+attacker can execute an arbitrary command with an effective gid of the "mail"
+group.
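Review bot: the description paragraph at the end of the new file never says how the versions named in testing-fix and sid-fix close the hole, whether by shipping lockmail without the setgid bit or by having it drop privileges before it executes its argument. One sentence stating which would let an administrator who cannot upgrade right away apply the same change by hand and check that it took effect. The paragraph also says "does not drop privileges" twice; the final sentence could be cut down to the consequence alone, that the command passed as an argument runs with an effective gid of "mail". A short note on what membership of group "mail" gives access to on a Debian system would help readers judge the urgency of a problem marked as local in problem-scope.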
