Lucene search
HistorySep 21, 2009 - 7:30 p.m.
CVE-2009-2939
postinst script
debian gnu/linux
ubuntu
symlink attacks
nvd
cve-2009-2939
6.1 Medium
AI Score
Confidence
Low
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.2%
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
| CPE | Name | Operator | Version |
|---|---|---|---|
| postfix:postfix | postfix | eq | 2.5.5 |
Related
prion
prion
Code injection
2009-09-21 19:30:00
seebug
seebug
Debian和Ubuntu Postfix不安全临时文件建立漏洞
2009-09-25 00:00:00
ubuntucve
ubuntucve
CVE-2009-2939
2009-09-21 00:00:00
debiancve
debiancve
CVE-2009-2939
2009-09-21 19:30:00
openvas
openvas
Ubuntu: Security Advisory (USN-1113-1)
2011-05-10 00:00:00
Ubuntu Update for postfix USN-1113-1
2011-05-10 00:00:00
Debian: Security Advisory (DSA-2233-1)
2011-08-03 00:00:00
ubuntu
ubuntu
Postfix vulnerabilities
2011-04-18 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : postfix vulnerabilities (USN-1113-1)
2011-06-13 00:00:00
Debian DSA-2233-1 : postfix - several vulnerabilities
2011-05-11 00:00:00
osv
osv
postfix - several
2011-05-10 00:00:00
debian
debian
[SECURITY] [DSA 2233-1] postfix security update
2011-05-10 17:57:47
6.1 Medium
AI Score
Confidence
Low
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.2%
Related for CVE-2009-2939