‘Deliver Mail Delivery Multiple Race Condition Vulnerabilities’

Summary

Deliver, a mail delivery program installed suid root as /usr/bin/deliver, is vulnerable to several race conditions that can be exploited by a local attacker using symbolic links.’

Credit:

‘The information has been provided by Dan Rosenberg.
The original article can be found at: http://seclists.org/bugtraq/2010/Mar/211


Details

Vulnerable Systems:
 * Deliver 2.1.14 and earlier versions

On systems using Deliver over NFS, these attacks can result in gaining root privileges via taking ownership of critical system files. On other systems, these attacks can result in denial-of-service conditions and information disclosure. In addition, users can deny service to other users by creating lockfiles for other users’ mailboxes.

Workaround:
Users are advised to discontinue use of Deliver in the absence of a patch or new release from the developer.

CVE Information:
CVE-2010-0439

Disclosure Timeline:
1/14/10 – Vulnerabilities discovered
1/27/10 – Developer notified
1/27/10 – Developer response, fix planned
3/20/10 – Fix deadlines repeatedly passed, disclosure date set at 3/24/10
3/24/10 – Disclosure’

Categories: UNIX