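Vulnerability Details
maildrop 'main.C' Privilege Escalation Vulnerability
Summary
maildrop is a mail delivery agent with filtering capabilities.
If the root user runs maildrop with the -d option, main.C executes the .mailfilter file in the user's home directory with root's gid, which allows a local user to gain elevated privileges via a crafted file. A successful attack requires that maildrop was compiled without RESET_GID set, for example when the mail directory does not use the sticky bit.
Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: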
Debian Linux 4.0 arm
Debian maildrop_2.0.2-11+etch1_arm.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_arm.deb
Debian Linux 5.0 ia-64
Debian maildrop_2.0.4-3+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_ia64.deb
Debian Linux 4.0 powerpc
Debian maildrop_2.0.2-11+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_powerpc.deb
Debian Linux 5.0 alpha
Debian maildrop_2.0.4-3+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_alpha.deb
Debian Linux 5.0 ia-32
Debian maildrop_2.0.4-3+lenny1_i386.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_i386.deb
Debian Linux 5.0 s/390
Debian maildrop_2.0.4-3+lenny1_s390.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_s390.deb
Debian Linux 5.0 mipsel
Debian maildrop_2.0.4-3+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_mipsel.deb
Debian Linux 4.0 amd64
Debian maildrop_2.0.2-11+etch1_amd64.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_amd64.deb
Debian Linux 4.0 ia-32
Debian maildrop_2.0.2-11+etch1_i386.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_i386.deb
Debian Linux 5.0 hppa
Debian maildrop_2.0.4-3+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_hppa.deb
Debian Linux 4.0 hppa
Debian maildrop_2.0.2-11+etch1_hppa.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_hppa.deb
Debian Linux 4.0 s/390
Debian maildrop_2.0.2-11+etch1_s390.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_s390.deb
Debian Linux 5.0 arm
Debian maildrop_2.0.4-3+lenny1_arm.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_arm.deb
Debian Linux 4.0 alpha
Debian maildrop_2.0.2-11+etch1_alpha.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_alpha.deb
maildrop maildrop 2.3
maildrop maildrop-2.4.0.tar.bz2
http://sourceforge.net/projects/courier/files/maildrop/2.4.0/maildrop-2.4.0.tar.bz2
Debian Linux 5.0 armel
Debian maildrop_2.0.4-3+lenny1_armel.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_armel.deb
Debian Linux 5.0 amd64
Debian maildrop_2.0.4-3+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_amd64.deb
Debian Linux 4.0 mipsel
Debian maildrop_2.0.2-11+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_mipsel.deb
Debian Linux 5.0 mips
Debian maildrop_2.0.4-3+lenny1_mips.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_mips.deb
Debian Linux 5.0 powerpc
Debian maildrop_2.0.4-3+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_powerpc.deb
Debian Linux 4.0 ia-64
Debian maildrop_2.0.2-11+etch1_ia64.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_ia64.deb
References
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=559681
Source: XF
Name: maildrop-group-priv-escalation(55980)
Link: http://xforce.iss.net/xforce/xfdb/55980
Source: DEBIAN
Name: DSA-1981
Link: http://www.debian.org/security/2010/dsa-1981
Source: www.courier-mta.org
Link: http://www.courier-mta.org/maildrop/changelog.html
Source: SECTRACK
Name: 1023515
Link: http://securitytracker.com/id?1023515
Source: SECUNIA
Name: 38374
Link: http://secunia.com/advisories/38374
Source: SECUNIA
Name: 38367
Link: http://secunia.com/advisories/38367
Source: MLIST
Name: [oss-security] 20100128 Re: CVE id request: maildrop
Link: http://marc.info/?l=oss-security&m=126468618017829&w=2
Source: MLIST
Name: [oss-security] 20100128 Re: CVE id request: maildrop
Link: http://marc.info/?l=oss-security&m=126468551017070&w=2
Source: MLIST
Name: [oss-security] 20100128 Re: CVE id request: maildrop
Link: http://marc.info/?l=oss-security&m=126468324913920&w=2
Source: MLIST
Name: [oss-security] 20100127 CVE id request: maildrop
Link: http://marc.info/?l=oss-security&m=126462927918840&w=2
Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601
Affected Entities
- Maildrop Maildrop:1.3.9
- Maildrop Maildrop:0.60
- Maildrop Maildrop:0.55c
- Maildrop Maildrop:0.62
- Maildrop Maildrop:0.61
Patches
- maildrop-2.5.0.tar