Ubuntu Security Notice 636-1 - Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.
07fd8e340c7f0c067a964bcbcb7a5289fbbd23aa9bf76d2187ca5b36a9579f46Debian Security Advisory 1629-2 - Due to a version numbering problem, the Postfix update for DSA 1629 was not installable on the i386 (Intel ia32) architecture. This update increases the version number to make it installable on i386 as well.
40178e9ed77f361cbab4f820eda492e886d2673abeef4c31c1e25c101b9d98c9Debian Security Advisory 1629-1 - Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root.
4d9f7cf1532c9eccc9c6971f969dbfd31c00bb6ade2bd5109259844620a253f5Pardus Linux Security Advisory - Sebastian Krahmer has reported some security issues in Postfix, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges.
09ba3aabe11ce628dd002e7e470cfaad9ac27bf2961b1c53674a2baa0abb20d2Mandriva Linux Security Advisory - Sebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to. The updated packages have been patched to correct this issue.
0dc99c6c3ab906e3b0709a979337a18647bdbcec87cc66e91e250ed08b60ca71Gentoo Linux Security Advisory GLSA 200808-12 - Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail to root-owned symlinks in an insecure manner under certain conditions. Normally, Postfix does not deliver mail to symlinks, except to root-owned symlinks, for compatibility with the systems using symlinks in /dev like Solaris. Furthermore, some systems like Linux allow to hardlink a symlink, while the POSIX.1-2001 standard requires that the symlink is followed. Depending on the write permissions and the delivery agent being used, this can lead to an arbitrary local file overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix delivery agent does not properly verify the ownership of a mailbox before delivering mail (CVE-2008-2937). Versions less than 2.5.3-r1 are affected.
d497bc162a46389e6722a35709f7ab1c3bd832aedc68b2878c475b7a46f79038SUSE Security Announcement - During a source code audit the SuSE Security-Team discovered a local privilege escalation bug as well as a mailbox ownership problem in postfix. The first bug allowed local users to execute arbitrary commands as root while the second one allowed local users to read other users mail.
81e5ad466814dd913906492cbc731965a6608acb67d8a6d24ce151ff5ae98b83
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed