Computer Security
[EN] securityvulns.ru no-pyccku


Postfix mail server hardlinks privilege escalation
updated since 14.08.2008
Published:02.09.2008
Source:
SecurityVulns ID:9222
Type:local
Threat Level:
4/10
Description:It's possible to cause Postfix to deliver mail to system file by using hardlinks to symlink (available against standard in Linux, IRIX, Solaris).
Affected:POSTFIX : Postfix 2.3
 POSTFIX : Postfix 2.4
 POSTFIX : postfix 2.5
 POSTFIX : postfix 2.6
CVE:CVE-2008-2937 (Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.)
 CVE-2008-2936 (Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.)
Original documentdocumentRoman Medina, PoCfix (PoC for Postfix local root vuln - CVE-2008-2936) (02.09.2008)
 documentWietse Venema, Postfix local privilege escalation via hardlinked symlinks (14.08.2008)
Files:PoC for Postfix local root vuln - CVE-2008-2936

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod