[Bug 258162] [NEW] Postfix local privilege escalation via hardlinked symlinks

Alexander Konovalenko alexkon at gmail.com
Fri Aug 15 15:17:23 BST 2008


*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: postfix

Wietse Venema posted an advisory about this to Bugtraq. Excerpt:

"Sebastian Krahmer of SuSE has found a privilege escalation problem.
On some systems an attacker can hardlink a root-owned symlink to
for example /var/mail, and cause Postfix to append mail to existing
files that are owned by root or non-root accounts."

http://www.securityfocus.com/archive/1/495474/30/0/threaded

No CVE number has been assigned to this problem yet, to the best of my
knowledge.

** Affects: postfix (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
Postfix local privilege escalation via hardlinked symlinks
https://bugs.launchpad.net/bugs/258162
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in ubuntu.



More information about the Ubuntu-server-bugs mailing list