CVE-2009-2939

EPSS 0.02%

發布日:2009/9/21修改日:2026/4/28

描述

The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.

受影響套件(1)

Debian/postfixfrom 0, < 2.6.5-3

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-2939