CVE-2008-4977

Name of the Vulnerable Software and Affected Versions Postfix version 2.5.2

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/postfix groups.stdout, /tmp/postfix groups.stderr, and /tmp/postfix groups.message temporary files. The vendor disputes this issue, stating that users would have to edit a script under /usr/lib to enable it.

Recommendations For Postfix version 2.5.2, consider restricting access to the temporary files /tmp/postfix groups.stdout, /tmp/postfix groups.stderr, and /tmp/postfix groups.message to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.