Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2655

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-2655
Last Modified 05 Sep 2008 04:52:20
Published 30 Aug 2005 01:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2655

Summary

lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.

Vulnerable Systems

Application

  • Maildrop 0.50

  • Maildrop 0.51

  • Maildrop 0.51b

  • Maildrop 0.51c

  • Maildrop 0.54

  • Maildrop 0.54a

  • Maildrop 0.54b

  • Maildrop 0.55

  • Maildrop 0.55a

  • Maildrop 0.55b

  • Maildrop 0.55c

  • Maildrop 0.60

  • Maildrop 0.61

  • Maildrop 0.62

  • Maildrop 0.63

  • Maildrop 0.64

  • Maildrop 0.65

  • Maildrop 0.70

  • Maildrop 0.71

  • Maildrop 0.72

  • Maildrop 0.73

  • Maildrop 0.74

  • Maildrop 0.75

  • Maildrop 0.76

  • Maildrop 0.99.1

  • Maildrop 0.99.2

  • Maildrop 1.0

  • Maildrop 1.1

  • Maildrop 1.2

  • Maildrop 1.2.1

  • Maildrop 1.2.2

  • Maildrop 1.3.0

  • Maildrop 1.3.1

  • Maildrop 1.3.3

  • Maildrop 1.3.4

  • Maildrop 1.3.5

  • Maildrop 1.3.6

  • Maildrop 1.3.7

  • Maildrop 1.3.8

  • Maildrop 1.3.9

  • Maildrop 1.4.0

  • Maildrop 1.5.0

  • Maildrop 1.5.1

  • Maildrop 1.5.2


References

DEBIAN - DSA-791


Last Updated: 27 May 2016 10:40:36