CVE-2008-2936

Severity

62%

Complexity

19%

Confidentiality

165%

Please refer to the following links for additional version information (vendor release notes): Postfix 2.3 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.3.15.RELEASE_NOTES Postfix 2.4 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.4.8.RELEASE_NOTES Postfix 2.5 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.5.4.RELEASE_NOTES Postfix 2.6 - ftp://mirrors.loonybin.net/pub/postfix/experimental/postfix-2.6-20080814.RELEASE_NOTES

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.

Please refer to the following links for additional version information (vendor release notes): Postfix 2.3 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.3.15.RELEASE_NOTES Postfix 2.4 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.4.8.RELEASE_NOTES Postfix 2.5 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.5.4.RELEASE_NOTES Postfix 2.6 - ftp://mirrors.loonybin.net/pub/postfix/experimental/postfix-2.6-20080814.RELEASE_NOTES

CVSS 2.0 Base Score 6.2. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C).

Overview

Type

postfix

First reported 16 years ago

2008-08-18 19:41:00

Last updated 6 years ago

2018-10-11 20:45:00

Affected Software

postfix 2.3.0

2.3.0

postfix 2.3.1

2.3.1

postfix 2.3.2

2.3.2

postfix 2.3.3

2.3.3

postfix 2.3.4

2.3.4

postfix 2.3.5

2.3.5

postfix 2.3.6

2.3.6

postfix 2.3.7

2.3.7

postfix 2.3.8

2.3.8

postfix 2.3.9

2.3.9

postfix 2.3.10

2.3.10

postfix 2.3.11

2.3.11

postfix 2.3.12

2.3.12

postfix 2.3.13

2.3.13

postfix 2.3.14

2.3.14

postfix 2.4.0

2.4.0

postfix 2.4.1

2.4.1

postfix 2.4.2

2.4.2

postfix 2.4.3

2.4.3

postfix 2.4.4

2.4.4

postfix 2.4.5

2.4.5

postfix 2.4.6

2.4.6

postfix 2.4.7

2.4.7

postfix 2.5.0

2.5.0

postfix 2.5.1

2.5.1

postfix 2.5.2

2.5.2

postfix 2.5.3

2.5.3

postfix 2.6.0

2.6.0

References

ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY

ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY

ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY

ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY

[postfix-announce] 20080814 Postfix local privilege escalation via hardlinked symlinks

SUSE-SA:2008:040

31469

31474

31477

31485

Vendor Advisory

31500

Vendor Advisory

31530

32231

GLSA-200808-12

4160

http://wiki.rpath.com/Advisories:rPSA-2008-0259

DSA-1629

VU#938323

US Government Resource

MDVSA-2008:171

RHSA-2008:0839

20080814 Postfix local privilege escalation via hardlinked symlinks

20080821 rPSA-2008-0259-1 postfix

20080831 PoCfix (PoC for Postfix local root vuln - CVE-2008-2936)

30691

Patch

1020700

ADV-2008-2385

postfix-symlink-code-execution(44460)

https://issues.rpath.com/browse/RPL-2689

oval:org.mitre.oval:def:10033

USN-636-1

6337

FEDORA-2008-8595

FEDORA-2008-8593

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.