Vulnerability Details : CVE-2005-2655
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.
Products affected by CVE-2005-2655
- cpe:2.3:a:maildrop:maildrop:0.50:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.54a:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.55:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.63:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.65:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.76:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.55b:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.55c:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.60:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.61:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.51:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.51b:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.51c:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.54:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.73:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.74:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.54b:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.55a:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.62:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.64:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.75:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:0.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:maildrop:maildrop:1.4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-2655
0.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-2655
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2005-2655
-
http://www.debian.org/security/2005/dsa-791
[SECURITY] [DSA 791-1] New maildrop packages fix arbitrary group mail command executionPatch;Vendor Advisory
Jump to