Package name
maildrop
Date
2010-02-16
Advisory ID
MDVSA-2010:038
Affected versions
CS4.0 x86_64, MES5 i586, CS4.0 i586, MES5 x86_64

Problem description

A vulnerability has been discovered and corrected in maildrop:

main.C in maildrop 2.3.0 and earlier, when run by root with the -d
option, uses the gid of root for execution of the .mailfilter file in
a user's home directory, which allows local users to gain privileges
via a crafted file (CVE-2010-0301).

The updated packages have been patched to correct this issue.
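
The issue above is a root-started process that still holds root's gid when it acts on a file the user controls. The C code below is an added illustration of the defensive pattern (reset groups, set gid, set uid, then verify), not maildrop's code or the Mandriva patch; the function names drop_privileges and ids_are_exactly are hypothetical.

```c
/* Added example: become the mailbox owner before touching that user's
 * filter file. Not maildrop's code; function names are hypothetical. */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 only if real and effective uid/gid all equal the target. */
int ids_are_exactly(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Irreversibly become uid:gid. Returns 0 on success, -1 on any failure;
 * on -1 the caller must refuse to process user-controlled input. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root can (and needs to) reset supplementary groups. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group first: after setuid() the process can no longer change gid. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the resulting ids instead of trusting return codes alone. */
    if (!ids_are_exactly(uid, gid))
        return -1;
    /* An unprivileged target must not be able to get root ids back. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    if (uid != 0 && gid != 0 && (setgid(0) == 0 || setegid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the ids the process already has. */
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)uid, (long)gid);
    return 0;
}
```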

Updated packages

CS4.0 x86_64

 cdf43f77a101efc865d290e4abd16c08  corporate/4.0/x86_64/maildrop-1.7.0-9.1.20060mlcs4.x86_64.rpm
 373c837656ef6099862e8cd89df7dc69  corporate/4.0/x86_64/maildrop-devel-1.7.0-9.1.20060mlcs4.x86_64.rpm
 d5b96bb02e49413db3aefd660ee34203  corporate/4.0/x86_64/maildrop-mysql-1.7.0-9.1.20060mlcs4.x86_64.rpm
 2c768ab880f838c7c3513ae6f8bcc962  corporate/4.0/x86_64/maildrop-openldap-1.7.0-9.1.20060mlcs4.x86_64.rpm 
 e1862d87d5f4003dbe722f33dc5f0d82  corporate/4.0/SRPMS/maildrop-1.7.0-9.1.20060mlcs4.src.rpm

MES5 i586

 eee3e4db386d93afc826f636fa4d8f83  mes5/i586/maildrop-1.7.0-14.1mdvmes5.i586.rpm
 f11f173c784f5b13e103412ef1b80fbb  mes5/i586/maildrop-devel-1.7.0-14.1mdvmes5.i586.rpm
 41653a4ef502a213639fef75b731bd94  mes5/i586/maildrop-mysql-1.7.0-14.1mdvmes5.i586.rpm
 58180f1d9d33f553dec2cced968aa60d  mes5/i586/maildrop-openldap-1.7.0-14.1mdvmes5.i586.rpm 
 c17caf47894ecd0d5b435b4ba767e561  mes5/SRPMS/maildrop-1.7.0-14.1mdvmes5.src.rpm

CS4.0 i586

 f6b752753fa1a4e5fb050915672ca251  corporate/4.0/i586/maildrop-1.7.0-9.1.20060mlcs4.i586.rpm
 c30751bbbaa99dbe6bf787280ad1e163  corporate/4.0/i586/maildrop-devel-1.7.0-9.1.20060mlcs4.i586.rpm
 ac29677303ed83a59d852fc202d2b39e  corporate/4.0/i586/maildrop-mysql-1.7.0-9.1.20060mlcs4.i586.rpm
 1d0219502b50788dcfc6cf5651c5c4aa  corporate/4.0/i586/maildrop-openldap-1.7.0-9.1.20060mlcs4.i586.rpm 
 e1862d87d5f4003dbe722f33dc5f0d82  corporate/4.0/SRPMS/maildrop-1.7.0-9.1.20060mlcs4.src.rpm

MES5 x86_64

 dd15808097dda7662345f5e54c597d45  mes5/x86_64/maildrop-1.7.0-14.1mdvmes5.x86_64.rpm
 ebb970d1a70d506119646edc096f8d3c  mes5/x86_64/maildrop-devel-1.7.0-14.1mdvmes5.x86_64.rpm
 44922a84217f505350c3c5e489ec8088  mes5/x86_64/maildrop-mysql-1.7.0-14.1mdvmes5.x86_64.rpm
 15217994457847511ea2ae7291e8c556  mes5/x86_64/maildrop-openldap-1.7.0-14.1mdvmes5.x86_64.rpm 
 c17caf47894ecd0d5b435b4ba767e561  mes5/SRPMS/maildrop-1.7.0-14.1mdvmes5.src.rpm

References