PT-2008-4373 · Postfix+1 · Postfix+1
Roman Medina-Heigl Hernandez
+1
·
Published
2008-08-14
·
Updated
2023-02-13
·
CVE-2008-2936
CVSS v2.0
6.2
Medium
| Vector | AV:L/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Postfix versions prior to 2.3.15
Postfix versions 2.4 prior to 2.4.8
Postfix versions 2.5 prior to 2.5.4
Postfix versions 2.6 prior to 2.6-20080814
Description
The issue allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. This can be leveraged to gain privileges if there is a symlink to an init script.
Recommendations
For Postfix versions prior to 2.3.15, update to version 2.3.15 or later.
For Postfix versions 2.4 prior to 2.4.8, update to version 2.4.8 or later.
For Postfix versions 2.5 prior to 2.5.4, update to version 2.5.4 or later.
For Postfix versions 2.6 prior to 2.6-20080814, update to version 2.6-20080814 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Postfix
Red Hat