{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-27T00:00:00", "descriptions": [{"lang": "en", "value": "main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-1981", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-1981"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601"}, {"name": "38374", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38374"}, {"name": "[oss-security] 20100128 Re: CVE id request: maildrop", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=126468618017829&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.courier-mta.org/maildrop/changelog.html"}, {"name": "maildrop-group-priv-escalation(55980)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55980"}, {"name": "[oss-security] 20100128 Re: CVE id request: maildrop", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=126468324913920&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559681"}, {"name": "[oss-security] 20100128 Re: CVE id request: maildrop", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=126468551017070&w=2"}, {"name": "1023515", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023515"}, {"name": "38367", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38367"}, {"name": "[oss-security] 20100127 CVE id request: maildrop", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=126462927918840&w=2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:11.803Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1981", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-1981"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601"}, {"name": "38374", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38374"}, {"name": "[oss-security] 20100128 Re: CVE id request: maildrop", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=126468618017829&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.courier-mta.org/maildrop/changelog.html"}, {"name": "maildrop-group-priv-escalation(55980)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55980"}, {"name": "[oss-security] 20100128 Re: CVE id request: maildrop", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=126468324913920&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559681"}, {"name": "[oss-security] 20100128 Re: CVE id request: maildrop", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=126468551017070&w=2"}, {"name": "1023515", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023515"}, {"name": "38367", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38367"}, {"name": "[oss-security] 20100127 CVE id request: maildrop", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=126462927918840&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0301", "datePublished": "2010-02-04T18:00:00", "dateReserved": "2010-01-12T00:00:00", "dateUpdated": "2024-08-07T00:45:11.803Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:maildrop:maildrop:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E3AFE6-61CD-47CB-A19B-41C212A4D86D", "versionEndIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.50:*:*:*:*:*:*:*", "matchCriteriaId": "87199D7B-F9AA-4F5E-840B-7A4967ED0EB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "8C83336C-A264-420D-ACEB-BE1BCC47741B", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.51b:*:*:*:*:*:*:*", "matchCriteriaId": "BFC7B35D-183B-403C-A00E-1306A3421794", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.51c:*:*:*:*:*:*:*", "matchCriteriaId": "9A82E451-02A1-40B8-B9F6-5E6E87A3D5B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.54:*:*:*:*:*:*:*", "matchCriteriaId": "AAA65307-7797-4C6D-92FF-BB26FBCD20A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.54a:*:*:*:*:*:*:*", "matchCriteriaId": "EA22CD95-F4A8-4B93-AC4C-72EA4DF70494", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.54b:*:*:*:*:*:*:*", "matchCriteriaId": "0D28E2AC-0B4F-4E8B-8BC0-117B1114E113", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.55:*:*:*:*:*:*:*", "matchCriteriaId": "1BCF600A-1A8F-4A2B-B018-AD08F454EC1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.55a:*:*:*:*:*:*:*", "matchCriteriaId": "81F1A162-1ACD-403E-8397-BAFDEE267248", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.55b:*:*:*:*:*:*:*", "matchCriteriaId": "B4C07AE1-9101-4BC8-A606-2BB3D6350C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.55c:*:*:*:*:*:*:*", "matchCriteriaId": "C79AFE29-692E-4E4B-9CBA-324AE09FC797", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.60:*:*:*:*:*:*:*", "matchCriteriaId": "CF022F1A-30D4-4080-82E3-1FC17D61E797", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.61:*:*:*:*:*:*:*", "matchCriteriaId": "6F144A46-C84F-43BE-A6C1-C10D582C766E", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.62:*:*:*:*:*:*:*", "matchCriteriaId": "87F48AD3-C45A-4FC0-A4E0-F2DDEDDA7D1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.63:*:*:*:*:*:*:*", "matchCriteriaId": "2A798F46-215D-41B8-8C54-DCF6DA816EC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.64:*:*:*:*:*:*:*", "matchCriteriaId": "BC150BF9-A63A-4178-873D-8C34D71A66FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.65:*:*:*:*:*:*:*", "matchCriteriaId": "701CE9B9-62B7-41FF-93AF-0C3E2962A7A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.70:*:*:*:*:*:*:*", "matchCriteriaId": "7D1FB221-64D1-4B0D-99D5-CE2A1C14DAE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.71:*:*:*:*:*:*:*", "matchCriteriaId": "17EFC266-1184-4449-A5EA-398A41670E91", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.72:*:*:*:*:*:*:*", "matchCriteriaId": "471898BA-640E-4A02-98B1-259F008CB72A", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.73:*:*:*:*:*:*:*", "matchCriteriaId": "EAE45DC8-4EF9-42C9-9D5C-38F9A373A9E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.74:*:*:*:*:*:*:*", "matchCriteriaId": "F16B4E79-3FE3-40DF-A543-50B323951C0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.75:*:*:*:*:*:*:*", "matchCriteriaId": "06124AEA-F3E3-4586-AA28-418FB79A9402", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "C5D1E65D-5E79-4F0C-9E6C-426BACACC34C", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "02348D9E-D0BB-40F6-96ED-CF2066DE00F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "F3945570-C13A-4A3B-AC3E-7E31A100BF7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "14C18F57-D4FB-4F3D-8197-62EF9A8E6356", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "26736677-0096-4923-8869-6DE6ED1DF00A", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "19D8E199-217B-42EA-B9BE-C7E9CBE3C56D", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "09663166-7ECB-4275-BAD4-DC57F6A70773", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "47475313-3B87-424F-A77A-A83FD51C44C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "78F56283-450A-4006-B6D7-DDF3E898968F", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5DAF6245-CFB7-4E1B-B481-B956F8A18E81", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F1E4C5B-CDFF-4C6C-9012-DEDFACAFFC40", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "18935216-B1A2-4E62-83B4-F11DE0135505", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "05BD7E7A-4FBA-4477-904A-2318F74A8BF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "1DC1803A-2656-4C05-B3FB-F7F2AC296BE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "F180BCAD-432C-4795-BF91-4E2D01409E0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "934CDE7E-EEC8-4CE8-B3DA-92AA5CD7D35B", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "FF5209C5-3773-4AE4-8145-B11FF7FFA75C", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7376FEF5-9D05-43C3-B8A5-D96E0309B034", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBF3F8F6-BD5B-411E-9F65-C6D9481FC60E", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A336437-F857-4B7D-AC29-70A453A97D11", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4AF97C89-2163-4233-B367-BE72F40C74FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FB073A30-2E11-46FE-9169-BD988B4EEA63", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "75D1959C-81A5-4B91-872B-21883CD182C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "52FC3312-5F6C-4D79-BD51-6EE2F297FE55", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7A08428-5C2B-4689-AB8E-0B39C88EA04C", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "60D1C253-FA5B-4469-B86B-5CADA6DAC609", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "41F8DB79-17E2-4506-8950-7AD5800FF746", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1FC70BF4-BFB7-4E45-8CDF-D7886A57CD56", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AFCBF977-BEDE-4D35-84B9-84A04B1BD62A", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F07BE63A-7980-4E42-9A69-DB1C2105997A", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B0463E8-EF53-4E7D-8916-8C8274D50DB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:maildrop:maildrop:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C0C5A0D7-2DE5-48DA-B70F-864B884A1A4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file."}, {"lang": "es", "value": "main.C en maildrop v2.3.0 y anteriores, cuando se ejecuta como root con la opcci\u00f3n --d, usa el gid de root para ejecuci\u00f3n del archivo .mailfilter en un directorio home de usuario, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de un fichero manipulado. \r\n"}], "id": "CVE-2010-0301", "lastModified": "2017-08-17T01:31:57.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-04T20:15:23.890", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=126462927918840&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=126468324913920&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=126468551017070&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=126468618017829&w=2"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38367"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38374"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1023515"}, {"source": "secalert@redhat.com", "url": "http://www.courier-mta.org/maildrop/changelog.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-1981"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559681"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55980"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "maildrop: does not drop supplimentary groups when dropping privileges", "id": "559681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559681"}, "csaw": false, "cvss": {"cvss_base_score": "3.3", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "status": "draft"}, "details": ["main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file."], "name": "CVE-2010-0301", "public_date": "2010-01-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-0301\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-0301"], "threat_severity": "Moderate"}