main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.
Max CVSS: 6.9
EPSS Score: 0.04%
Published: 2010-02-04
Updated: 2017-08-17
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.
Max CVSS: 10.0
EPSS Score: 0.06%
Published: 2005-08-30
Updated: 2008-09-05
2 vulnerabilities found