CVE-2008-2936 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2008-2936
Status Candidate
Description Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
Phase Assigned (30.06.2008)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2936
References BID : 30691
BUGTRAQ : 20080814 Postfix local privilege escalation via hardlinked symlinks
BUGTRAQ : 20080821 rPSA-2008-0259-1 postfix
BUGTRAQ : 20080831 PoCfix (PoC for Postfix local root vuln - CVE-2008-2936)
CERT-VN : VU#938323
CONFIRM : ftp://ftp.porcupine.org/mirrors/postfix-release/ex...
CONFIRM : ftp://ftp.porcupine.org/mirrors/postfix-release/of...
CONFIRM : ftp://ftp.porcupine.org/mirrors/postfix-release/of...
CONFIRM : ftp://ftp.porcupine.org/mirrors/postfix-release/of...
CONFIRM : http://wiki.rpath.com/Advisories:rPSA-2008-0259
CONFIRM : https://issues.rpath.com/browse/RPL-2689
DEBIAN : DSA-1629
FEDORA : FEDORA-2008-8593
FEDORA : FEDORA-2008-8595
GENTOO : GLSA-200808-12
MANDRIVA : MDVSA-2008:171
MILW0RM : 6337
MLIST : [postfix-announce] 20080814 Postfix local privilege escalation via hardlinked symlinks
OVAL : oval:org.mitre.oval:def:10033
REDHAT : RHSA-2008:0839
SECTRACK : 1020700
SECUNIA : 31469
SECUNIA : 31474
SECUNIA : 31477
SECUNIA : 31485
SECUNIA : 31500
SECUNIA : 31530
SECUNIA : 32231
SREASON : 4160
SUSE : SUSE-SA:2008:040
UBUNTU : USN-636-1
VUPEN : ADV-2008-2385
XF : postfix-symlink-code-execution(44460)
SecurityVulns: Postfix mail server hardlinks privilege escalation

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server