Lucene search

[email protected]NVD:CVE-2008-2936

HistoryAug 18, 2008 - 7:41 p.m.

CVE-2008-2936

2008-08-1819:41:00

CWE-264

[email protected]

web.nvd.nist.gov

6.2 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.9%

JSON

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.

Affected configurations

NVD

Node

postfixpostfixMatch2.3.0

postfixpostfixMatch2.3.1

postfixpostfixMatch2.3.2

postfixpostfixMatch2.3.3

postfixpostfixMatch2.3.4

postfixpostfixMatch2.3.5

postfixpostfixMatch2.3.6

postfixpostfixMatch2.3.7

postfixpostfixMatch2.3.8

postfixpostfixMatch2.3.9

postfixpostfixMatch2.3.10

postfixpostfixMatch2.3.11

postfixpostfixMatch2.3.12

postfixpostfixMatch2.3.13

postfixpostfixMatch2.3.14

postfixpostfixMatch2.4.0

postfixpostfixMatch2.4.1

postfixpostfixMatch2.4.2

postfixpostfixMatch2.4.3

postfixpostfixMatch2.4.4

postfixpostfixMatch2.4.5

postfixpostfixMatch2.4.6

postfixpostfixMatch2.4.7

postfixpostfixMatch2.5.0

postfixpostfixMatch2.5.1

postfixpostfixMatch2.5.2

postfixpostfixMatch2.5.3

postfixpostfixMatch2.6.0

References

ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY

ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY

ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY

ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY

article.gmane.org/gmane.mail.postfix.announce/110

lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html

secunia.com/advisories/31469

secunia.com/advisories/31474

secunia.com/advisories/31477

secunia.com/advisories/31485

secunia.com/advisories/31500

secunia.com/advisories/31530

secunia.com/advisories/32231

security.gentoo.org/glsa/glsa-200808-12.xml

securityreason.com/securityalert/4160

wiki.rpath.com/Advisories:rPSA-2008-0259

www.debian.org/security/2008/dsa-1629

www.kb.cert.org/vuls/id/938323

www.mandriva.com/security/advisories?name=MDVSA-2008:171

www.redhat.com/support/errata/RHSA-2008-0839.html

www.securityfocus.com/archive/1/495474/100/0/threaded

www.securityfocus.com/archive/1/495632/100/0/threaded

www.securityfocus.com/archive/1/495882/100/0/threaded

www.securityfocus.com/bid/30691

www.securitytracker.com/id?1020700

www.vupen.com/english/advisories/2008/2385

exchange.xforce.ibmcloud.com/vulnerabilities/44460

issues.rpath.com/browse/RPL-2689

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033

usn.ubuntu.com/636-1/

www.exploit-db.com/exploits/6337

www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html

www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html

6.2 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.9%

JSON

Related for NVD:CVE-2008-2936

nessus14 openvas26 veracode1 cve1 cert1 centos1 seebug2 exploitpack1 debiancve1 prion1 oraclelinux1 securityvulns2 debian2 packetstorm1 ubuntu1 ubuntucve1 altlinux1 cvelist1 redhat1 exploitdb1 suse1 gentoo1 fedora2