[Bug 258162] [NEW] Postfix local privilege escalation via hardlinked symlinks

Alexander Konovalenko alexkon at gmail.com
Fri Aug 15 15:17:23 BST 2008

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: postfix

Wietse Venema posted an advisory about this to Bugtraq. Excerpt:

"Sebastian Krahmer of SuSE has found a privilege escalation problem.
On some systems an attacker can hardlink a root-owned symlink to
for example /var/mail, and cause Postfix to append mail to existing
files that are owned by root or non-root accounts."


No CVE number has been assigned to this problem yet, to the best of my

** Affects: postfix (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

Postfix local privilege escalation via hardlinked symlinks
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in ubuntu.

More information about the Ubuntu-server-bugs mailing list