CVE-2011-3350 – CVE-2011-3350 is a privilege escalation vulnera... (How to Fix)

Q: What is the severity of CVE-2011-3350?

CVE-2011-3350 has a CVSS score of 9.8 (CRITICAL). CVE-2011-3350 is a privilege escalation vulnerability in masqmail email forwarding software where improper seteuid() calls fail to properly drop privileges. This allows local attackers to escalate privileges to root on affected systems. Systems running vulnerable versions of masqmail are affected.

📋 TL;DR

CVE-2011-3350 is a privilege escalation vulnerability in masqmail email forwarding software where improper seteuid() calls fail to properly drop privileges. This allows local attackers to escalate privileges to root on affected systems. Systems running vulnerable versions of masqmail are affected.

💻 Affected Systems

Products:

masqmail

Versions: 0.2.21 through 0.2.30

Operating Systems: Linux, Unix-like systems

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems where masqmail is installed and configured to run with elevated privileges.

📦 What is this software?

Masqmail by Marmaro

View all CVEs affecting Masqmail →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains full root privileges on the system, enabling complete system compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Local user or compromised service account escalates to root privileges, allowing unauthorized access to sensitive data and system modification.

🟢

If Mitigated

With proper privilege separation and minimal user access, impact is limited to the masqmail service context only.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access to the system. Proof-of-concept code has been publicly available since 2011.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: masqmail 0.2.31 and later

Vendor Advisory: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638002

Restart Required: Yes

Instructions:

1. Update masqmail to version 0.2.31 or later using your distribution's package manager. 2. Restart the masqmail service or reboot the system.

🔧 Temporary Workarounds

Remove masqmail

linux

Uninstall masqmail if not required for system functionality

sudo apt-get remove masqmail
sudo yum remove masqmail

Restrict local access

all

Limit local user access to systems running masqmail

🧯 If You Can't Patch

Run masqmail with minimal necessary privileges using SELinux/AppArmor
Isolate masqmail to dedicated systems with no sensitive data

🔍 How to Verify

Check if Vulnerable:

Check masqmail version: dpkg -l masqmail | grep ^ii or rpm -q masqmail

Check Version:

masqmail --version

Verify Fix Applied:

Verify installed version is 0.2.31 or higher using version check command

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation attempts
Abnormal masqmail process behavior

Network Indicators:

None - local privilege escalation only

SIEM Query:

process.name="masqmail" AND event.action="privilege_escalation"

📊 Metadata

CVE ID: CVE-2011-3350

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-273

Published: November 19, 2019

Last Updated: November 21, 2024

🔗 References

https://access.redhat.com/security/cve/cve-2011-3350 Broken Link
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638002 Issue Tracking,Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-3350 Third Party Advisory
https://access.redhat.com/security/cve/cve-2011-3350 Broken Link
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638002 Issue Tracking,Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-3350 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2011-3350, you might also want to check these: