main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a users home directory, which allows local users to gain privileges via a crafted file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Maildrop | Maildrop | * | 2.3.0 (including) |
| Maildrop | Maildrop | 0.50 (including) | 0.50 (including) |
| Maildrop | Maildrop | 0.51 (including) | 0.51 (including) |
| Maildrop | Maildrop | 0.51b (including) | 0.51b (including) |
| Maildrop | Maildrop | 0.51c (including) | 0.51c (including) |
| Maildrop | Maildrop | 0.54 (including) | 0.54 (including) |
| Maildrop | Maildrop | 0.54a (including) | 0.54a (including) |
| Maildrop | Maildrop | 0.54b (including) | 0.54b (including) |
| Maildrop | Maildrop | 0.55 (including) | 0.55 (including) |
| Maildrop | Maildrop | 0.55a (including) | 0.55a (including) |
| Maildrop | Maildrop | 0.55b (including) | 0.55b (including) |
| Maildrop | Maildrop | 0.55c (including) | 0.55c (including) |
| Maildrop | Maildrop | 0.60 (including) | 0.60 (including) |
| Maildrop | Maildrop | 0.61 (including) | 0.61 (including) |
| Maildrop | Maildrop | 0.62 (including) | 0.62 (including) |
| Maildrop | Maildrop | 0.63 (including) | 0.63 (including) |
| Maildrop | Maildrop | 0.64 (including) | 0.64 (including) |
| Maildrop | Maildrop | 0.65 (including) | 0.65 (including) |
| Maildrop | Maildrop | 0.70 (including) | 0.70 (including) |
| Maildrop | Maildrop | 0.71 (including) | 0.71 (including) |
| Maildrop | Maildrop | 0.72 (including) | 0.72 (including) |
| Maildrop | Maildrop | 0.73 (including) | 0.73 (including) |
| Maildrop | Maildrop | 0.74 (including) | 0.74 (including) |
| Maildrop | Maildrop | 0.75 (including) | 0.75 (including) |
| Maildrop | Maildrop | 0.76 (including) | 0.76 (including) |
| Maildrop | Maildrop | 0.99.1 (including) | 0.99.1 (including) |
| Maildrop | Maildrop | 0.99.2 (including) | 0.99.2 (including) |
| Maildrop | Maildrop | 1.0 (including) | 1.0 (including) |
| Maildrop | Maildrop | 1.1 (including) | 1.1 (including) |
| Maildrop | Maildrop | 1.2 (including) | 1.2 (including) |
| Maildrop | Maildrop | 1.2.1 (including) | 1.2.1 (including) |
| Maildrop | Maildrop | 1.2.2 (including) | 1.2.2 (including) |
| Maildrop | Maildrop | 1.3.0 (including) | 1.3.0 (including) |
| Maildrop | Maildrop | 1.3.1 (including) | 1.3.1 (including) |
| Maildrop | Maildrop | 1.3.3 (including) | 1.3.3 (including) |
| Maildrop | Maildrop | 1.3.4 (including) | 1.3.4 (including) |
| Maildrop | Maildrop | 1.3.5 (including) | 1.3.5 (including) |
| Maildrop | Maildrop | 1.3.6 (including) | 1.3.6 (including) |
| Maildrop | Maildrop | 1.3.7 (including) | 1.3.7 (including) |
| Maildrop | Maildrop | 1.3.8 (including) | 1.3.8 (including) |
| Maildrop | Maildrop | 1.3.9 (including) | 1.3.9 (including) |
| Maildrop | Maildrop | 1.4.0 (including) | 1.4.0 (including) |
| Maildrop | Maildrop | 1.5.0 (including) | 1.5.0 (including) |
| Maildrop | Maildrop | 1.5.1 (including) | 1.5.1 (including) |
| Maildrop | Maildrop | 1.5.2 (including) | 1.5.2 (including) |
| Maildrop | Maildrop | 1.6.2 (including) | 1.6.2 (including) |
| Maildrop | Maildrop | 1.6.3 (including) | 1.6.3 (including) |
| Maildrop | Maildrop | 1.7.0 (including) | 1.7.0 (including) |
| Maildrop | Maildrop | 1.8.1 (including) | 1.8.1 (including) |
| Maildrop | Maildrop | 2.0.0 (including) | 2.0.0 (including) |
| Maildrop | Maildrop | 2.0.1 (including) | 2.0.1 (including) |
| Maildrop | Maildrop | 2.0.2 (including) | 2.0.2 (including) |
| Maildrop | Maildrop | 2.0.3 (including) | 2.0.3 (including) |
| Maildrop | Maildrop | 2.0.4 (including) | 2.0.4 (including) |
| Maildrop | Maildrop | 2.1 (including) | 2.1 (including) |
| Maildrop | Maildrop | 2.2 (including) | 2.2 (including) |