1. CVE-Search
  2. CVE-2005-2655
ID CVE-2005-2655
Summary lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.
References
Vulnerable Configurations
  • cpe:2.3:a:maildrop:maildrop:0.50:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.51:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.51b:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.51b:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.51c:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.51c:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.54:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.54a:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.54a:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.54b:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.54b:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.55:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.55:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.55a:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.55a:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.55b:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.55b:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.55c:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.55c:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.60:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.61:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.62:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.62:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.63:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.64:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.64:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.65:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.65:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.70:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.70:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.71:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.72:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.73:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.74:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.74:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.75:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.75:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.76:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.76:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.99.1:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.99.1:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:0.99.2:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:0.99.2:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:maildrop:maildrop:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:maildrop:maildrop:1.5.2:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 05-09-2008 - 20:52)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
debian DSA-791
Last major update 05-09-2008 - 20:52
Published 30-08-2005 - 17:03
Last modified 05-09-2008 - 20:52
Back to Top