CVE-2005-2655

lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.debian.org/security/2005/dsa-791	Patch Vendor Advisory
http://www.debian.org/security/2005/dsa-791	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:maildrop:maildrop:0.50:::::::*
	cpe:2.3:a:maildrop:maildrop:0.51:::::::*
	cpe:2.3:a:maildrop:maildrop:0.51b:::::::*
	cpe:2.3:a:maildrop:maildrop:0.51c:::::::*
	cpe:2.3:a:maildrop:maildrop:0.54:::::::*
	cpe:2.3:a:maildrop:maildrop:0.54a:::::::*
	cpe:2.3:a:maildrop:maildrop:0.54b:::::::*
	cpe:2.3:a:maildrop:maildrop:0.55:::::::*
	cpe:2.3:a:maildrop:maildrop:0.55a:::::::*
	cpe:2.3:a:maildrop:maildrop:0.55b:::::::*
	cpe:2.3:a:maildrop:maildrop:0.55c:::::::*
	cpe:2.3:a:maildrop:maildrop:0.60:::::::*
	cpe:2.3:a:maildrop:maildrop:0.61:::::::*
	cpe:2.3:a:maildrop:maildrop:0.62:::::::*
	cpe:2.3:a:maildrop:maildrop:0.63:::::::*
	cpe:2.3:a:maildrop:maildrop:0.64:::::::*
	cpe:2.3:a:maildrop:maildrop:0.65:::::::*
	cpe:2.3:a:maildrop:maildrop:0.70:::::::*
	cpe:2.3:a:maildrop:maildrop:0.71:::::::*
	cpe:2.3:a:maildrop:maildrop:0.72:::::::*
	cpe:2.3:a:maildrop:maildrop:0.73:::::::*
	cpe:2.3:a:maildrop:maildrop:0.74:::::::*
	cpe:2.3:a:maildrop:maildrop:0.75:::::::*
	cpe:2.3:a:maildrop:maildrop:0.76:::::::*
	cpe:2.3:a:maildrop:maildrop:0.99.1:::::::*
	cpe:2.3:a:maildrop:maildrop:0.99.2:::::::*
	cpe:2.3:a:maildrop:maildrop:1.0:::::::*
	cpe:2.3:a:maildrop:maildrop:1.1:::::::*
	cpe:2.3:a:maildrop:maildrop:1.2:::::::*
	cpe:2.3:a:maildrop:maildrop:1.2.1:::::::*
	cpe:2.3:a:maildrop:maildrop:1.2.2:::::::*
	cpe:2.3:a:maildrop:maildrop:1.3.0:::::::*
	cpe:2.3:a:maildrop:maildrop:1.3.1:::::::*
	cpe:2.3:a:maildrop:maildrop:1.3.3:::::::*
	cpe:2.3:a:maildrop:maildrop:1.3.4:::::::*
	cpe:2.3:a:maildrop:maildrop:1.3.5:::::::*
	cpe:2.3:a:maildrop:maildrop:1.3.6:::::::*
	cpe:2.3:a:maildrop:maildrop:1.3.7:::::::*
	cpe:2.3:a:maildrop:maildrop:1.3.8:::::::*
	cpe:2.3:a:maildrop:maildrop:1.3.9:::::::*
	cpe:2.3:a:maildrop:maildrop:1.4.0:::::::*
	cpe:2.3:a:maildrop:maildrop:1.5.0:::::::*
	cpe:2.3:a:maildrop:maildrop:1.5.1:::::::*
	cpe:2.3:a:maildrop:maildrop:1.5.2:::::::*

History

21 Nov 2024, 00:00

Type	Values Removed	Values Added
References	~~() http://www.debian.org/security/2005/dsa-791 - Patch, Vendor Advisory~~	() http://www.debian.org/security/2005/dsa-791 - Patch, Vendor Advisory

Information

Published : 2005-08-30 17:03

Updated : 2025-04-03 01:03

NVD link : CVE-2005-2655

Mitre link : CVE-2005-2655

CVE.ORG link : CVE-2005-2655

JSON object : View

Products Affected

maildrop

maildrop

CWE

NVD-CWE-Other

{"id": "CVE-2005-2655", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-08-30T17:03:00.000", "references": [{"url": "http://www.debian.org/security/2005/dsa-791", "tags": ["Patch", "Vendor Advisory"], "source": "security@debian.org"}, {"url": "http://www.debian.org/security/2005/dsa-791", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:maildrop:maildrop:0.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87199D7B-F9AA-4F5E-840B-7A4967ED0EB6"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C83336C-A264-420D-ACEB-BE1BCC47741B"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.51b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFC7B35D-183B-403C-A00E-1306A3421794"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.51c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A82E451-02A1-40B8-B9F6-5E6E87A3D5B6"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAA65307-7797-4C6D-92FF-BB26FBCD20A4"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.54a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA22CD95-F4A8-4B93-AC4C-72EA4DF70494"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.54b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D28E2AC-0B4F-4E8B-8BC0-117B1114E113"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BCF600A-1A8F-4A2B-B018-AD08F454EC1F"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.55a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81F1A162-1ACD-403E-8397-BAFDEE267248"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.55b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4C07AE1-9101-4BC8-A606-2BB3D6350C9F"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.55c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C79AFE29-692E-4E4B-9CBA-324AE09FC797"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.60:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF022F1A-30D4-4080-82E3-1FC17D61E797"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.61:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F144A46-C84F-43BE-A6C1-C10D582C766E"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.62:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87F48AD3-C45A-4FC0-A4E0-F2DDEDDA7D1A"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.63:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A798F46-215D-41B8-8C54-DCF6DA816EC4"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC150BF9-A63A-4178-873D-8C34D71A66FF"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.65:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "701CE9B9-62B7-41FF-93AF-0C3E2962A7A7"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.70:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D1FB221-64D1-4B0D-99D5-CE2A1C14DAE1"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.71:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17EFC266-1184-4449-A5EA-398A41670E91"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.72:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "471898BA-640E-4A02-98B1-259F008CB72A"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.73:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAE45DC8-4EF9-42C9-9D5C-38F9A373A9E2"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.74:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F16B4E79-3FE3-40DF-A543-50B323951C0B"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.75:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06124AEA-F3E3-4586-AA28-418FB79A9402"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.76:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5D1E65D-5E79-4F0C-9E6C-426BACACC34C"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.99.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02348D9E-D0BB-40F6-96ED-CF2066DE00F6"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:0.99.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3945570-C13A-4A3B-AC3E-7E31A100BF7B"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14C18F57-D4FB-4F3D-8197-62EF9A8E6356"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26736677-0096-4923-8869-6DE6ED1DF00A"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19D8E199-217B-42EA-B9BE-C7E9CBE3C56D"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09663166-7ECB-4275-BAD4-DC57F6A70773"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47475313-3B87-424F-A77A-A83FD51C44C2"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78F56283-450A-4006-B6D7-DDF3E898968F"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DAF6245-CFB7-4E1B-B481-B956F8A18E81"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F1E4C5B-CDFF-4C6C-9012-DEDFACAFFC40"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18935216-B1A2-4E62-83B4-F11DE0135505"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05BD7E7A-4FBA-4477-904A-2318F74A8BF3"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DC1803A-2656-4C05-B3FB-F7F2AC296BE7"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F180BCAD-432C-4795-BF91-4E2D01409E0A"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "934CDE7E-EEC8-4CE8-B3DA-92AA5CD7D35B"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF5209C5-3773-4AE4-8145-B11FF7FFA75C"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7376FEF5-9D05-43C3-B8A5-D96E0309B034"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBF3F8F6-BD5B-411E-9F65-C6D9481FC60E"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A336437-F857-4B7D-AC29-70A453A97D11"}, {"criteria": "cpe:2.3:a:maildrop:maildrop:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AF97C89-2163-4233-B367-BE72F40C74FC"}], "operator": "OR"}]}], "sourceIdentifier": "security@debian.org"}

10.0 /10