UbuntuUSN-636-1Postfix vulnerability
6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
6.1 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
18.1%
Releases
- Ubuntu 8.04
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.06
Packages
- postfix -
Details
Sebastian Krahmer discovered that Postfix was not correctly handling
mailbox ownership when dealing with Linux’s implementation of hardlinking
to symlinks. In certain mail spool configurations, a local attacker
could exploit this to append data to arbitrary files as the root user.
The default Ubuntu configuration was not vulnerable.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 8.04 | noarch | postfix | < 2.5.1-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.04 | noarch | postfix-cdb | < 2.5.1-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.04 | noarch | postfix-ldap | < 2.5.1-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.04 | noarch | postfix-mysql | < 2.5.1-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.04 | noarch | postfix-pcre | < 2.5.1-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.04 | noarch | postfix-pgsql | < 2.5.1-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | postfix | < 2.4.5-3ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.10 | noarch | postfix-cdb | < 2.4.5-3ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.10 | noarch | postfix-ldap | < 2.4.5-3ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.10 | noarch | postfix-mysql | < 2.4.5-3ubuntu1.2 | UNKNOWN |
References
Related
6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
6.1 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
18.1%