CVE-2010-0301

EPSS 0.42%
Veröffentlicht 04.02.2010 20:15:23
Zuletzt bearbeitet 16.06.2026 23:15:53
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

NVD 56 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Maildrop ≫ Maildrop Version <= 2.3.0

Maildrop ≫ Maildrop Version0.50

Maildrop ≫ Maildrop Version0.51

Maildrop ≫ Maildrop Version0.51b

Maildrop ≫ Maildrop Version0.51c

Maildrop ≫ Maildrop Version0.54

Maildrop ≫ Maildrop Version0.54a

Maildrop ≫ Maildrop Version0.54b

Maildrop ≫ Maildrop Version0.55

Maildrop ≫ Maildrop Version0.55a

Maildrop ≫ Maildrop Version0.55b

Maildrop ≫ Maildrop Version0.55c

Maildrop ≫ Maildrop Version0.60

Maildrop ≫ Maildrop Version0.61

Maildrop ≫ Maildrop Version0.62

Maildrop ≫ Maildrop Version0.63

Maildrop ≫ Maildrop Version0.64

Maildrop ≫ Maildrop Version0.65

Maildrop ≫ Maildrop Version0.70

Maildrop ≫ Maildrop Version0.71

Maildrop ≫ Maildrop Version0.72

Maildrop ≫ Maildrop Version0.73

Maildrop ≫ Maildrop Version0.74

Maildrop ≫ Maildrop Version0.75

Maildrop ≫ Maildrop Version0.76

Maildrop ≫ Maildrop Version0.99.1

Maildrop ≫ Maildrop Version0.99.2

Maildrop ≫ Maildrop Version1.0

Maildrop ≫ Maildrop Version1.1

Maildrop ≫ Maildrop Version1.2

Maildrop ≫ Maildrop Version1.2.1

Maildrop ≫ Maildrop Version1.2.2

Maildrop ≫ Maildrop Version1.3.0

Maildrop ≫ Maildrop Version1.3.1

Maildrop ≫ Maildrop Version1.3.3

Maildrop ≫ Maildrop Version1.3.4

Maildrop ≫ Maildrop Version1.3.5

Maildrop ≫ Maildrop Version1.3.6

Maildrop ≫ Maildrop Version1.3.7

Maildrop ≫ Maildrop Version1.3.8

Maildrop ≫ Maildrop Version1.3.9

Maildrop ≫ Maildrop Version1.4.0

Maildrop ≫ Maildrop Version1.5.0

Maildrop ≫ Maildrop Version1.5.1

Maildrop ≫ Maildrop Version1.5.2

Maildrop ≫ Maildrop Version1.6.2

Maildrop ≫ Maildrop Version1.6.3

Maildrop ≫ Maildrop Version1.7.0

Maildrop ≫ Maildrop Version1.8.1

Maildrop ≫ Maildrop Version2.0.0

Maildrop ≫ Maildrop Version2.0.1

Maildrop ≫ Maildrop Version2.0.2

Maildrop ≫ Maildrop Version2.0.3

Maildrop ≫ Maildrop Version2.0.4

Maildrop ≫ Maildrop Version2.1

Maildrop ≫ Maildrop Version2.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.337

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601

http://marc.info/?l=oss-security&m=126462927918840&w=2

http://marc.info/?l=oss-security&m=126468324913920&w=2

http://marc.info/?l=oss-security&m=126468551017070&w=2

http://marc.info/?l=oss-security&m=126468618017829&w=2

http://secunia.com/advisories/38367

Vendor Advisory

http://secunia.com/advisories/38374

Vendor Advisory

http://securitytracker.com/id?1023515

http://www.courier-mta.org/maildrop/changelog.html

http://www.debian.org/security/2010/dsa-1981

https://bugzilla.redhat.com/show_bug.cgi?id=559681

https://exchange.xforce.ibmcloud.com/vulnerabilities/55980

https://nvd.nist.gov/vuln/detail/CVE-2010-0301

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0301

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0301

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2010-0301