Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-28 Thread Stefan Hornburg
On Sun, 28 Aug 2005 13:00:19 +0200 Martin Schulze <[EMAIL PROTECTED]> wrote:
> Andres Salomon wrote:
> > On Sat, 2005-08-27 at 11:42 +0100, Steve Kemp wrote:
> > > On Sat, Aug 27, 2005 at 12:27:51PM +0200, Martin Schulze wrote:
> > >
> > > > Thanks a lot for the report. This is CAN-2005-2655.
>

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-28 Thread Martin Schulze
Andres Salomon wrote:
> On Sat, 2005-08-27 at 11:42 +0100, Steve Kemp wrote:
> > On Sat, Aug 27, 2005 at 12:27:51PM +0200, Martin Schulze wrote:
> >
> > > Thanks a lot for the report. This is CAN-2005-2655.
> > >
> > > > The bug affects 1.5.3-1.1 sarge/etch/sid and 1.8.1-2 in experimental,
> > >

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-28 Thread Steve Kemp
On Sat, Aug 27, 2005 at 07:03:55PM -0400, Andres Salomon wrote:
> > Certainly. Once the advisory is out I can make an upload if Joy
> > hasn't already made one.
> >
>
> I can also do an upload; Joy already said I should comaintain, I've just
> been waiting for racke to do a new courier uploa

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-27 Thread Andres Salomon
On Sat, 2005-08-27 at 11:42 +0100, Steve Kemp wrote:
> On Sat, Aug 27, 2005 at 12:27:51PM +0200, Martin Schulze wrote:
>
> > Thanks a lot for the report. This is CAN-2005-2655.
> >
> > > The bug affects 1.5.3-1.1 sarge/etch/sid and 1.8.1-2 in experimental,
> > > and should be easy to fix: Just a

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-27 Thread Martin Schulze
Max Vozeler wrote:
> Short description:
> lockmail.maildrop (setgid mail) lets the user specify a program and
> execvp()s it, but does not drop egid mail privilege before doing so.
> This opens a trivial privilege escalation (see "poc") to group mail.

Thanks a lot for the report. This is CAN-200

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-27 Thread Steve Kemp
On Sat, Aug 27, 2005 at 12:27:51PM +0200, Martin Schulze wrote:
> Thanks a lot for the report. This is CAN-2005-2655.
>
> > The bug affects 1.5.3-1.1 sarge/etch/sid and 1.8.1-2 in experimental,
> > and should be easy to fix: Just add setgid(getgid()) before the
> > execvp(). I tested the attache

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-26 Thread Max Vozeler
Package: maildrop
Version: 1.5.3-1.1
Severity: critical
Justification: local privilege escalation
Tags: security sarge sid patch

Hi Josip,

I've already tried to contact you about this, but have not heard from you. I'm filing it now to keep track. Please refer to message <[EMAIL PROTECTED]> for fu