CVE Vulnerabilities

CVE-2008-2936

Published: Aug 18, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.2 MEDIUM
AV:L/AC:H/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.

Affected Software

Name Vendor Start Version End Version
Postfix Postfix 2.3.0 2.3.0
Postfix Postfix 2.3.1 2.3.1
Postfix Postfix 2.3.2 2.3.2
Postfix Postfix 2.3.3 2.3.3
Postfix Postfix 2.3.4 2.3.4
Postfix Postfix 2.3.5 2.3.5
Postfix Postfix 2.3.6 2.3.6
Postfix Postfix 2.3.7 2.3.7
Postfix Postfix 2.3.8 2.3.8
Postfix Postfix 2.3.9 2.3.9
Postfix Postfix 2.3.10 2.3.10
Postfix Postfix 2.3.11 2.3.11
Postfix Postfix 2.3.12 2.3.12
Postfix Postfix 2.3.13 2.3.13
Postfix Postfix 2.3.14 2.3.14
Postfix Postfix 2.4.0 2.4.0
Postfix Postfix 2.4.1 2.4.1
Postfix Postfix 2.4.2 2.4.2
Postfix Postfix 2.4.3 2.4.3
Postfix Postfix 2.4.4 2.4.4
Postfix Postfix 2.4.5 2.4.5
Postfix Postfix 2.4.6 2.4.6
Postfix Postfix 2.4.7 2.4.7
Postfix Postfix 2.5.0 2.5.0
Postfix Postfix 2.5.1 2.5.1
Postfix Postfix 2.5.2 2.5.2
Postfix Postfix 2.5.3 2.5.3
Postfix Postfix 2.6.0 2.6.0
Red Hat Enterprise Linux 3 RedHat postfix-2:2.0.16-14.1.RHEL3 *
Red Hat Enterprise Linux 4 RedHat postfix-2:2.2.10-1.2.1.el4_7 *
Red Hat Enterprise Linux 5 RedHat postfix-2:2.3.3-2.1.el5_2 *
Postfix Ubuntu dapper *
Postfix Ubuntu feisty *
Postfix Ubuntu gutsy *
Postfix Ubuntu hardy *
Postfix Ubuntu upstream *

References