26 matches found
Postfix <= 2.6-20080814 - (symlink) Local Privilege Escalation Exploit
No description provided by source. !/bin/sh rspocfix.sh PoC for Postfix local root vulnerability: CVE-2008-2936 by Roman Medina-Heigl Hernandez a.k.a. RoMaNSoFt [email protected] Tested: Ubuntu / Debian Madrid, 30.Aug.2008 Config writabledir=/tmp spooldir=/var/mail Use postconf mailspooldirectory...
Oracle Linux 5 : post (ELSA-2008-0839)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2008-0839 advisory. 2.3.3-2.1 - fixed postfix privilege problem with symlinks in the mail spool directory CVE-2008-2936 Resolves: rhbz456717 Tenable has extracted the preceding...
SLES10: Security update for Postfix
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: postfix More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references. SPDX-FileCopyrightText: 2009...
SLES9: Security update for Postfix
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: postfix For more information, please visit the referenced security advisories. More details may also be found by searching for keyword 5032740 within the SuS...
SuSE9 Security Update : Postfix (YOU Patch Number 12219)
A local privilege escalation vulnerability as well as a mailbox ownership problem has been fixed in postfix. CVE-2008-2936 and CVE-2008-2937 have been assigned to this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
openSUSE Security Update : postfix (postfix-133)
A local privilege escalation vulnerability as well as a mailbox ownership problem has been fixed in postfix. CVE-2008-2936 and CVE-2008-2937 have been assigned to this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
Mandriva Linux Security Advisory : postfix (MDVSA-2008:171)
Sebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to...
Ubuntu Update for postfix vulnerability USN-636-1
Ubuntu Update for Linux kernel vulnerabilities USN-636-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6361.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for postfix vulnerability USN-636-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
RedHat Update for postfix RHSA-2008:0839-01
Check for the Version of postfix OpenVAS Vulnerability Test RedHat Update for postfix RHSA-2008:0839-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
RedHat Update for postfix RHSA-2008:0839-01
Check for the Version of postfix OpenVAS Vulnerability Test RedHat Update for postfix RHSA-2008:0839-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for postfix FEDORA-2008-8595
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for postfix FEDORA-2008-8595
Check for the Version of postfix OpenVAS Vulnerability Test Fedora Update for postfix FEDORA-2008-8595 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
SuSE Update for postfix SUSE-SA:2008:040
Check for the Version of postfix OpenVAS Vulnerability Test $Id: gbsuse2008040.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for postfix SUSE-SA:2008:040 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...
PoCfix (PoC for Postfix local root vuln - CVE-2008-2936)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, The recent vulnerability in Postfix discovered by Sebastian Krahmer is trivially exploitable when certain preconditions are met. Nevertheless, it's very difficult to find such conditions in a real-world scenario. I wrote this exploit for fun an...
rs_pocfix.txt
!/bin/sh "rspocfix.sh" PoC for Postfix local root vulnerability: CVE-2008-2936 by Roman Medina-Heigl Hernandez a.k.a. RoMaNSoFt Tested: Ubuntu / Debian Madrid, 30.Aug.2008 Config writabledir=/tmp spooldir=/var/mail Use "postconf mailspooldirectory" to obtain this user=root target=/etc/passwd...
Postfix <= 2.6-20080814 (symlink) Local Privilege Escalation Exploit
No description provided by source. !/bin/sh "rspocfix.sh" PoC for Postfix local root vulnerability: CVE-2008-2936 by Roman Medina-Heigl Hernandez a.k.a. RoMaNSoFt [email protected] Tested: Ubuntu / Debian Madrid, 30.Aug.2008 Config writabledir=/tmp spooldir=/var/mail Use "postconf...
[SECURITY] [DSA 1629-2] New postfix packages fix installability problem on i386
------------------------------------------------------------------------ Debian Security Advisory DSA-1629-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 19, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1629-1] New postfix packages fix privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-1629-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 18, 2008 http://www.debian.org/security/faq -...
CVE-2008-2936
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...
CVE-2008-2936
CVE-2008-2936 - Postfix local privilege escalation : Affects Postfix as shipped before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 20080814. On OSes that support hard links to symlinks, a local user can fail-dangerously append mail to a root-owned symlink’s target by creating a har...