PT-2008-4373 · Postfix +1
Roman Medina-Heigl Hernandez +1
Published: 2008-08-14 · Updated: 2023-02-13
CVE-2008-2936
CVSS v2.0: 6.2 (Medium)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Postfix versions prior to 2.3.15
Postfix versions 2.4 prior to 2.4.8
Postfix versions 2.5 prior to 2.5.4
Postfix versions 2.6 prior to 2.6-20080814
Description
The issue allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. This can be leveraged to gain privileges if there is a symlink to an init script.
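An added defensive check, not part of the original advisory or of Postfix: it lists symbolic links in a directory whose link count is greater than one, which is the hard-linked-symlink condition described above. The directory to audit (for example a mail spool path given on the command line) and the names `Finding` and `audit_symlinks` are assumptions of this example.

```python
#!/usr/bin/env python3
"""Added example: report symlinks that have more than one hard link."""
import os
import stat
import sys
from dataclasses import dataclass


@dataclass
class Finding:
    path: str        # directory entry that is a symlink
    target: str      # where the symlink points
    owner_uid: int   # uid owning the symlink inode (0 = root)
    link_count: int  # number of names referring to that inode


def audit_symlinks(directory: str) -> list:
    """Return symlinks directly inside `directory` whose st_nlink > 1.

    A symlink normally has exactly one name. A higher count means another
    directory entry (possibly elsewhere on the same filesystem) is a hard
    link to the same symlink inode, which is the condition the advisory
    describes.
    """
    findings = []
    with os.scandir(directory) as entries:
        for entry in entries:
            st = os.lstat(entry.path)  # inspect the link itself, never its target
            if stat.S_ISLNK(st.st_mode) and st.st_nlink > 1:
                findings.append(Finding(entry.path, os.readlink(entry.path),
                                        st.st_uid, st.st_nlink))
    return sorted(findings, key=lambda f: f.path)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} DIRECTORY")
    results = audit_symlinks(sys.argv[1])
    for f in results:
        owner = "root-owned" if f.owner_uid == 0 else f"uid {f.owner_uid}"
        print(f"{f.path} -> {f.target} ({owner}, {f.link_count} links)")
    sys.exit(1 if results else 0)  # non-zero exit when anything was flagged
```

A flagged entry is a lead for review, not proof of abuse; updating to a fixed version listed under Recommendations remains the remedy.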
Recommendations
For Postfix versions prior to 2.3.15, update to version 2.3.15 or later.
For Postfix versions 2.4 prior to 2.4.8, update to version 2.4.8 or later.
For Postfix versions 2.5 prior to 2.5.4, update to version 2.5.4 or later.
For Postfix versions 2.6 prior to 2.6-20080814, update to version 2.6-20080814 or later.
Affected Products
Postfix
Red Hat