Candidate: CVE-2010-0301
PublicDate: 2010-02-04 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0301
 http://www.debian.org/security/2010/dsa-1981
Description:
 main.C in maildrop 2.3.0 and earlier, when run by root with the -d option,
 uses the gid of root for execution of the .mailfilter file in a user's home
 directory, which allows local users to gain privileges via a crafted file.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=559681
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_maildrop:
upstream_maildrop: released (2.2.0-3.1)
dapper_maildrop: ignored (reached end-of-life)
hardy_maildrop: ignored (reached end-of-life)
intrepid_maildrop: needs-triage (reached end-of-life)
jaunty_maildrop: ignored (reached end-of-life)
karmic_maildrop: ignored (reached end-of-life)
lucid_maildrop: ignored (reached end-of-life)
maverick_maildrop: ignored (reached end-of-life)
natty_maildrop: ignored (reached end-of-life)
oneiric_maildrop: ignored (reached end-of-life)
precise_maildrop: ignored (reached end-of-life)
precise/esm_maildrop: DNE (precise was needs-triage)
quantal_maildrop: ignored (reached end-of-life)
raring_maildrop: ignored (reached end-of-life)
saucy_maildrop: ignored (reached end-of-life)
trusty_maildrop: not-affected (2.7.1-1)
trusty/esm_maildrop: DNE (trusty was not-affected [2.7.1-1])
utopic_maildrop: ignored (reached end-of-life)
vivid_maildrop: ignored (reached end-of-life)
vivid/stable-phone-overlay_maildrop: DNE
vivid/ubuntu-core_maildrop: DNE
wily_maildrop: ignored (reached end-of-life)
xenial_maildrop: not-affected (2.7.1-1)
yakkety_maildrop: ignored (reached end-of-life)
zesty_maildrop: ignored (reached end-of-life)
artful_maildrop: ignored (reached end-of-life)
bionic_maildrop: not-affected (2.7.1-1)
devel_maildrop: not-affected (2.7.1-1)