CVE-2002-1311

UNRATED

Description

Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

Affected products

double_precision_incorporated / courier_mta0.37.3 – 0.37.3
double_precision_incorporated / courier_mta0.40 – 0.40

References

MISChttp://www.iss.net/security_center/static/10643.php
MISChttp://www.securityfocus.com/bid/6189
VENDOR_ADVISORYhttp://www.debian.org/security/2002/dsa-197
MAILING_LISThttp://marc.info/?l=bugtraq&m=103794021013436&w=2