2010-02-04 18:00:00
redhat
PUBLISHED
main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a users home directory, which allows local users to gain privileges via a crafted file.