

Status Candidate


Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.

Related Files

Ubuntu Security Notice 636-1
Posted Aug 20, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 636-1 - Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2008-2936
SHA-256 | 07fd8e340c7f0c067a964bcbcb7a5289fbbd23aa9bf76d2187ca5b36a9579f46
Debian Linux Security Advisory 1629-2
Posted Aug 20, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1629-2 - Due to a version numbering problem, the Postfix update for DSA 1629 was not installable on the i386 (Intel ia32) architecture. This update increases the version number to make it installable on i386 as well.

tags | advisory
systems | linux, debian
advisories | CVE-2008-2936
SHA-256 | 40178e9ed77f361cbab4f820eda492e886d2673abeef4c31c1e25c101b9d98c9
Debian Linux Security Advisory 1629-1
Posted Aug 18, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1629-1 - Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root.

tags | advisory, arbitrary, root
systems | linux, debian
advisories | CVE-2008-2936
SHA-256 | 4d9f7cf1532c9eccc9c6971f969dbfd31c00bb6ade2bd5109259844620a253f5
Pardus Linux Security Advisory 2008.25
Posted Aug 16, 2008
Authored by Pardus Linux, Pardus

Pardus Linux Security Advisory - Sebastian Krahmer has reported some security issues in Postfix, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges.

tags | advisory, local
systems | linux
advisories | CVE-2008-2936, CVE-2008-2937
SHA-256 | 09ba3aabe11ce628dd002e7e470cfaad9ac27bf2961b1c53674a2baa0abb20d2
Mandriva Linux Security Advisory 2008-171
Posted Aug 16, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Sebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local, root
systems | linux, suse, mandriva
advisories | CVE-2008-2936
SHA-256 | 0dc99c6c3ab906e3b0709a979337a18647bdbcec87cc66e91e250ed08b60ca71
Gentoo Linux Security Advisory 200808-12
Posted Aug 15, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200808-12 - Sebastian Krahmer of SuSE has found that Postfix allows mail to be delivered to root-owned symlinks in an insecure manner under certain conditions. Normally, Postfix does not deliver mail to symlinks, except to root-owned symlinks, for compatibility with systems that use symlinks in /dev, like Solaris. Furthermore, some systems like Linux allow hardlinking a symlink, while the POSIX.1-2001 standard requires that the symlink is followed. Depending on the write permissions and the delivery agent being used, this can lead to an arbitrary local file overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix delivery agent does not properly verify the ownership of a mailbox before delivering mail (CVE-2008-2937). Versions less than 2.5.3-r1 are affected.

tags | advisory, arbitrary, local, root
systems | linux, solaris, suse, osx, gentoo
advisories | CVE-2008-2936, CVE-2008-2937
SHA-256 | d497bc162a46389e6722a35709f7ab1c3bd832aedc68b2878c475b7a46f79038
Posted Aug 14, 2008
Site suse.com

SUSE Security Announcement - During a source code audit, the SuSE Security-Team discovered a local privilege escalation bug as well as a mailbox ownership problem in Postfix. The first bug allowed local users to execute arbitrary commands as root, while the second one allowed local users to read other users' mail.

tags | advisory, arbitrary, local, root
systems | linux, suse
advisories | CVE-2008-2936, CVE-2008-2937
SHA-256 | 81e5ad466814dd913906492cbc731965a6608acb67d8a6d24ce151ff5ae98b83