Lucene search

[email protected]CVE-2008-4977

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2008-4977

2022-10-0316:14:01

CWE-59

[email protected]

web.nvd.nist.gov

postfix

cve-2008-4977

symlink attack

nvd

security vulnerability

6.3 Medium

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue … users would have to edit a script under /usr/lib to enable it.

Affected configurations

NVD

Node

postfixpostfixMatch2.5.2

CPENameOperatorVersion
postfix:postfixpostfixeq2.5.2

CPE	Name	Operator	Version
postfix:postfix	postfix	eq	2.5.2

References

bugs.debian.org/496401

dev.gentoo.org/~rbu/security/debiantemp/postfix

www.openwall.com/lists/oss-security/2008/10/30/2

bugs.gentoo.org/show_bug.cgi?id=235770

bugs.gentoo.org/show_bug.cgi?id=235811

6.3 Medium

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-4977

ubuntucve1 nvd1 redhatcve1 prion1 cvelist1