Unrated severityNVD Advisory· Published Feb 4, 2010· Updated Apr 29, 2026
CVE-2010-0301
CVE-2010-0301
Description
main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.
Affected products
56cpe:2.3:a:maildrop:maildrop:*:*:*:*:*:*:*:*+ 55 more
- cpe:2.3:a:maildrop:maildrop:*:*:*:*:*:*:*:*range: <=2.3.0
- cpe:2.3:a:maildrop:maildrop:0.50:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.51:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.51b:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.51c:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.54:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.54a:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.54b:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.55:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.55a:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.55b:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.55c:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.60:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.61:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.62:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.63:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.64:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.65:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.73:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.74:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.75:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.76:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:2.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- secunia.com/advisories/38367nvdVendor Advisory
- secunia.com/advisories/38374nvdVendor Advisory
- bugs.debian.org/cgi-bin/bugreport.cginvd
- marc.infonvd
- marc.infonvd
- marc.infonvd
- marc.infonvd
- securitytracker.com/idnvd
- www.courier-mta.org/maildrop/changelog.htmlnvd
- www.debian.org/security/2010/dsa-1981nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/55980nvd
News mentions
0No linked articles in our index yet.