Launchpad.net

CVE 2008-2936

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.

Related bugs and status

CVE-2008-2936 (Candidate) is related to these bugs:

Bug #258162: Postfix local privilege escalation via hardlinked symlinks

Summary				In	Importance	Status
	258162	Postfix local privilege escalation via hardlinked symlinks		postfix (Ubuntu)	Undecided	Fix Released

Bug #869411: SRU tracking bug for postfix 2.8.2 -> 2.8.5 for natty

Summary				In	Importance	Status
	869411	SRU tracking bug for postfix 2.8.2 -> 2.8.5 for natty		postfix (Ubuntu)	Undecided	Invalid
	869411	SRU tracking bug for postfix 2.8.2 -> 2.8.5 for natty		postfix (Ubuntu Natty)	Wishlist	Fix Released

Bug #2018238: postfix: autopkgtest fails with saslauthd.service installed

Summary				In	Importance	Status
	2018238	postfix: autopkgtest fails with saslauthd.service installed		postfix (Ubuntu)	Medium	Fix Released
	2018238	postfix: autopkgtest fails with saslauthd.service installed		postfix (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-2936

Related bugs and status

Related bugs

References