CVE-2008-2936

Priority
Description
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before
2.6-20080814, when the operating system supports hard links to symlinks,
allows local users to append e-mail messages to a file to which a
root-owned symlink points, by creating a hard link to this symlink and then
sending a message. NOTE: this can be leveraged to gain privileges if there
is a symlink to an init script.
Notes
 jdstrand> requires postfix as delivery agent, no root alias, no mail delivered
  to root, and the 'mail' account (or an application in the 'mail' group) to
  be compromised
Assigned-to
lamont
Package
Upstream:released (2.5.4)
More Information

Updated: 2019-03-19 11:46:28 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)