1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Candidate: CVE-2008-4977
PublicDate: 2008-11-06
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4977
Description:
** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to
overwrite arbitrary files via a symlink attack on the (1)
/tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3)
/tmp/postfix_groups.message temporary files. NOTE: the vendor disputes
this vulnerability, stating "This is not a real issue ... users would have
to edit a script under /usr/lib to enable it."
Ubuntu-Description:
Notes:
jdstrand> per Debian, Not enabled by default, needs manual modification of a
script
Bugs:
Priority: low
Discovered-by:
Assigned-to:
Patches_postfix:
upstream_postfix: needs-triage
dapper_postfix: ignored
gutsy_postfix: ignored (reached end-of-life)
hardy_postfix: ignored
intrepid_postfix: ignored
jaunty_postfix: ignored
devel_postfix: ignored
|