CVE-2008-2936
EPSS 0.25%postfix - local privilege escalation
發布日:2008/8/18修改日:2026/4/28
描述
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
受影響套件(4)
- Debian/postfixfrom 0, < 2.5.4-1
- Debian/postfixfrom 0, < 2.3.8-2etch1
- Debian/postfixfrom 0, < 2.3.8-2+etch1
- Debian/postfixfrom 0, < 2.5.2-2lenny1