Roman Medina-Heigl Hernandez

**Name of the Vulnerable Software and Affected Versions** Postfix versions prior to 2.3.15 Postfix versions 2.4 prior to 2.4.8 Postfix versions 2.5 prior to 2.5.4 Postfix versions 2.6 prior to 2.6-20080814 **Description** The issue allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. This can be leveraged to gain privileges if there is a symlink to an init script. **Recommendations** For Postfix versions prior to 2.3.15, update to version 2.3.15 or later. For Postfix versions 2.4 prior to 2.4.8, update to version 2.4.8 or later. For Postfix versions 2.5 prior to 2.5.4, update to version 2.5.4 or later. For Postfix versions 2.6 prior to 2.6-20080814, update to version 2.6-20080814 or later.