[Bug 258162] [NEW] Postfix local privilege escalation via hardlinked symlinks
Alexander Konovalenko
alexkon at gmail.com
Fri Aug 15 15:17:23 BST 2008
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: postfix
Wietse Venema posted an advisory about this to Bugtraq. Excerpt:
"Sebastian Krahmer of SuSE has found a privilege escalation problem.
On some systems an attacker can hardlink a root-owned symlink to
for example /var/mail, and cause Postfix to append mail to existing
files that are owned by root or non-root accounts."
http://www.securityfocus.com/archive/1/495474/30/0/threaded
No CVE number has been assigned to this problem yet, to the best of my
knowledge.
** Affects: postfix (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
Postfix local privilege escalation via hardlinked symlinks
https://bugs.launchpad.net/bugs/258162
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in ubuntu.
More information about the Ubuntu-server-bugs
mailing list