Postfix local privilege escalation via hardlinked symlinks
Bug #258162 reported by
Till Ulen
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
postfix (Ubuntu) |
Fix Released
|
Undecided
|
LaMont Jones |
Bug Description
Binary package hint: postfix
Wietse Venema posted an advisory about this to Bugtraq. Excerpt:
"Sebastian Krahmer of SuSE has found a privilege escalation problem.
On some systems an attacker can hardlink a root-owned symlink to
for example /var/mail, and cause Postfix to append mail to existing
files that are owned by root or non-root accounts."
http://
No CVE number has been assigned to this problem yet, to the best of my knowledge.
To post a comment you must log in.
Updates for all Ubuntu releases have been prepared and are going through the security update process.