CVE-2009-2939
Published: 21 September 2009
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
Notes
| Author | Note |
|---|---|
| jdstrand | per Weitse, the symlink attack should not be possible due to defensive programming. A subverted postfix process running as 'postfix' could replace the pid file, which master could then send signals to. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
postfix Launchpad, Ubuntu, Debian |
dapper |
Released
(2.2.10-1ubuntu0.3)
|
| hardy |
Released
(2.5.1-2ubuntu1.3)
|
|
| intrepid |
Ignored
(end of life, was needed)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Released
(2.6.5-3)
|
|
| lucid |
Released
(2.6.5-3)
|
|
| maverick |
Released
(2.6.5-3)
|
|
| upstream |
Released
(2.6.5-3)
|