exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2008-2936

Status Candidate

Overview

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.

Related Files

Ubuntu Security Notice 636-1
Posted Aug 20, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 636-1 - Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2008-2936
SHA-256 | 07fd8e340c7f0c067a964bcbcb7a5289fbbd23aa9bf76d2187ca5b36a9579f46
Debian Linux Security Advisory 1629-2
Posted Aug 20, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1629-2 - Due to a version numbering problem, the Postfix update for DSA 1629 was not installable on the i386 (Intel ia32) architecture. This update increases the version number to make it installable on i386 as well.

tags | advisory
systems | linux, debian
advisories | CVE-2008-2936
SHA-256 | 40178e9ed77f361cbab4f820eda492e886d2673abeef4c31c1e25c101b9d98c9
Debian Linux Security Advisory 1629-1
Posted Aug 18, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1629-1 - Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root.

tags | advisory, arbitrary, root
systems | linux, debian
advisories | CVE-2008-2936
SHA-256 | 4d9f7cf1532c9eccc9c6971f969dbfd31c00bb6ade2bd5109259844620a253f5
Pardus Linux Security Advisory 2008.25
Posted Aug 16, 2008
Authored by Pardus Linux, Pardus

Pardus Linux Security Advisory - Sebastian Krahmer has reported some security issues in Postfix, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges.

tags | advisory, local
systems | linux
advisories | CVE-2008-2936, CVE-2008-2937
SHA-256 | 09ba3aabe11ce628dd002e7e470cfaad9ac27bf2961b1c53674a2baa0abb20d2
Mandriva Linux Security Advisory 2008-171
Posted Aug 16, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Sebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local, root
systems | linux, suse, mandriva
advisories | CVE-2008-2936
SHA-256 | 0dc99c6c3ab906e3b0709a979337a18647bdbcec87cc66e91e250ed08b60ca71
Gentoo Linux Security Advisory 200808-12
Posted Aug 15, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200808-12 - Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail to root-owned symlinks in an insecure manner under certain conditions. Normally, Postfix does not deliver mail to symlinks, except to root-owned symlinks, for compatibility with the systems using symlinks in /dev like Solaris. Furthermore, some systems like Linux allow to hardlink a symlink, while the POSIX.1-2001 standard requires that the symlink is followed. Depending on the write permissions and the delivery agent being used, this can lead to an arbitrary local file overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix delivery agent does not properly verify the ownership of a mailbox before delivering mail (CVE-2008-2937). Versions less than 2.5.3-r1 are affected.

tags | advisory, arbitrary, local, root
systems | linux, solaris, suse, osx, gentoo
advisories | CVE-2008-2936, CVE-2008-2937
SHA-256 | d497bc162a46389e6722a35709f7ab1c3bd832aedc68b2878c475b7a46f79038
SUSE-SA-2008-040.txt
Posted Aug 14, 2008
Site suse.com

SUSE Security Announcement - During a source code audit the SuSE Security-Team discovered a local privilege escalation bug as well as a mailbox ownership problem in postfix. The first bug allowed local users to execute arbitrary commands as root while the second one allowed local users to read other users mail.

tags | advisory, arbitrary, local, root
systems | linux, suse
advisories | CVE-2008-2936, CVE-2008-2937
SHA-256 | 81e5ad466814dd913906492cbc731965a6608acb67d8a6d24ce151ff5ae98b83
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close