The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Postfix | Postfix | 2.5.5 (including) | 2.5.5 (including) |
Postfix | Ubuntu | dapper | * |
Postfix | Ubuntu | devel | * |
Postfix | Ubuntu | hardy | * |
Postfix | Ubuntu | intrepid | * |
Postfix | Ubuntu | jaunty | * |
Postfix | Ubuntu | karmic | * |
Postfix | Ubuntu | lucid | * |
Postfix | Ubuntu | maverick | * |
Postfix | Ubuntu | upstream | * |