PT-2009-5287 · Postfix · Postfix

Wietse Venema

Published

2009-09-21

Updated

2011-08-24

CVE-2009-2939

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: postfix version 2.5.5

Description: The issue allows local users to potentially conduct symlink attacks, overwriting arbitrary files due to the postfix.postinst script granting the postfix user write access to /var/spool/postfix/pid.

Recommendations: For postfix version 2.5.5, consider restricting the write access to /var/spool/postfix/pid to prevent local users from conducting symlink attacks.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2009-2939

Affected Products

Postfix

PT-2009-5287 · Postfix · Postfix

CVE-2009-2939

Weakness Enumeration

Related Identifiers

Affected Products

References · 6