Test ID:	1.3.6.1.4.1.25623.1.0.800292
Category:	Privilege escalation
Title:	Maildrop < 2.4.0 Privilege Escalation Vulnerability
Summary:	Maildrop is prone to a privilege escalation vulnerability.
Description:	Summary: Maildrop is prone to a privilege escalation vulnerability. Vulnerability Insight: The flaw is due to the error in the 'maildrop/main.C', when run by root with the '-d' option, uses the gid of root for execution of the mailfilter file in a user's home directory. Vulnerability Impact: Successful exploitation will allow local users to gain elevated privileges. Affected Software/OS: Maildrop version 2.3.0 and prior. Solution: Update to version 2.4.0 or later. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0301 1023515 http://securitytracker.com/id?1023515 38367 http://secunia.com/advisories/38367 38374 http://secunia.com/advisories/38374 DSA-1981 http://www.debian.org/security/2010/dsa-1981 [oss-security] 20100127 CVE id request: maildrop http://marc.info/?l=oss-security&m=126462927918840&w=2 [oss-security] 20100128 Re: CVE id request: maildrop http://marc.info/?l=oss-security&m=126468324913920&w=2 http://marc.info/?l=oss-security&m=126468551017070&w=2 http://marc.info/?l=oss-security&m=126468618017829&w=2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601 http://www.courier-mta.org/maildrop/changelog.html https://bugzilla.redhat.com/show_bug.cgi?id=559681 maildrop-group-priv-escalation(55980) https://exchange.xforce.ibmcloud.com/vulnerabilities/55980
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.