~ubuntu-security/ubuntu-cve-tracker/master

PublicDate: 2008-08-18
Candidate: CVE-2008-2936
References: 
 http://www.ubuntu.com/usn/usn-636-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936
Description:
 Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before
 2.6-20080814, when the operating system supports hard links to symlinks,
 allows local users to append e-mail messages to a file to which a
 root-owned symlink points, by creating a hard link to this symlink and then
 sending a message.  NOTE: this can be leveraged to gain privileges if there
 is a symlink to an init script.
Ubuntu-Description: 
Notes: 
 jdstrand> requires postfix as delivery agent, no root alias, no mail delivered
  to root, and the 'mail' account (or an application in the 'mail' group) to
  be compromised
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/258162
Priority: low
Discovered-by: Sebastian Krahmer
Assigned-to: lamont

Patches_postfix:
upstream_postfix: released (2.5.4)
dapper_postfix: released (2.2.10-1ubuntu0.2)
feisty_postfix: released (2.3.8-2ubuntu0.2)
gutsy_postfix: released (2.4.5-3ubuntu1.2)
hardy_postfix: released (2.5.1-2ubuntu1.1)
devel_postfix: not-affected