Joey Hess
2005-Aug-30 16:52 UTC
[secure-testing-announce] [DTSA-11-1] New maildrop packages fix local privilege escalation
-----------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-11-1    http://secure-testing.debian.net
secure-testing-team@lists.alioth.debian.org                     Andres Salomon
August 29th, 2005
-----------------------------------------------------------------------------

Package        : maildrop
Vulnerability  : local privilege escalation
Problem-Type   : local
Debian-specific: yes
CVE ID         : CAN-2005-2655

The lockmail binary shipped with maildrop allows for an attacker to obtain
an effective gid as group "mail". Debian ships the binary with its setgid
bit set, but the program does not drop privileges when run. It takes an
argument that is executed, and since it does not drop privileges, an
attacker can execute an arbitrary command with an effective gid of the
"mail" group.

For the testing distribution (etch) this is fixed in version 1.5.3-1.1etch1.

For the unstable distribution (sid) this is fixed in version 1.5.3-2.

This upgrade is strongly recommended if you use maildrop.

The Debian testing security team does not track security issues for the
stable distribution (woody). If stable is vulnerable, the Debian security
team will make an announcement once a fix is ready.
Upgrade Instructions
--------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free
deb-src http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free

The archive signing key can be downloaded from
http://secure-testing.debian.net/ziyi-2005-7.asc

To install the update, run this command as root:

apt-get update && apt-get install maildrop

For further information about the Debian testing security team, please
refer to http://secure-testing.debian.net/
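The defect described in the advisory is a setgid wrapper that executes its argument without first giving up the group identity the setgid bit granted. The following is an added example sketch of the hardened pattern (not maildrop's or Debian's own code): the wrapper drops real, effective and saved gid back to the caller's gid, verifies the drop, and refuses to exec otherwise. The function names drop_group_privs, privs_dropped and run_unprivileged are this example's own; it assumes Linux/glibc for setresgid/getresgid.

```c
#define _GNU_SOURCE          /* setresgid/getresgid on glibc (assumption: Linux) */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Permanently give up the gid granted by the setgid bit.
 * setgid() alone would leave the saved gid in place for an unprivileged
 * process, so the elevated group could be regained; set all three.
 * Returns 0 on success, -1 on failure (the caller must not continue). */
int drop_group_privs(void)
{
    gid_t real = getgid();
    if (setresgid(real, real, real) == -1)
        return -1;
    return 0;
}

/* Returns 1 when real, effective and saved gid all match (nothing elevated
 * remains), 0 otherwise. Used as a post-condition check before exec. */
int privs_dropped(void)
{
    gid_t r, e, s;
    if (getresgid(&r, &e, &s) == -1)
        return 0;
    return r == e && e == s;
}

/* Exec argv[] as the calling user only. Returns -1 if privileges could not
 * be dropped or the exec failed; on success it never returns. */
int run_unprivileged(char *const argv[])
{
    if (drop_group_privs() != 0 || !privs_dropped()) {
        fprintf(stderr, "refusing to run: could not drop group privileges\n");
        return -1;
    }
    execvp(argv[0], argv);
    perror("execvp");
    return -1;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 2;
    }
    /* A real lockmail would take its locks here, while still group "mail",
     * and only then hand control to the user's command unprivileged. */
    return run_unprivileged(argv + 1) == -1 ? 1 : 0;
}
```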