paul Posted February 16, 2010 Report Share Posted February 16, 2010 A vulnerability have been discovered and corrected in maildrop: main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file (CVE-2010-0301). The updated packages have been patched to correct this issue. Link to comment Share on other sites More sharing options...
Recommended Posts