Sebastian Krahmer discovered that Postfix was not correctly handling
mailbox ownership when dealing with Linux’s implementation of hardlinking
to symlinks. In certain mail spool configurations, a local attacker
could exploit this to append data to arbitrary files as the root user.
The default Ubuntu configuration was not vulnerable.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | postfix | <Â 2.5.1-2ubuntu1.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | postfix-cdb | <Â 2.5.1-2ubuntu1.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | postfix-ldap | <Â 2.5.1-2ubuntu1.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | postfix-mysql | <Â 2.5.1-2ubuntu1.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | postfix-pcre | <Â 2.5.1-2ubuntu1.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | postfix-pgsql | <Â 2.5.1-2ubuntu1.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | postfix | <Â 2.4.5-3ubuntu1.2 | UNKNOWN |
Ubuntu | 7.10 | noarch | postfix-cdb | <Â 2.4.5-3ubuntu1.2 | UNKNOWN |
Ubuntu | 7.10 | noarch | postfix-ldap | <Â 2.4.5-3ubuntu1.2 | UNKNOWN |
Ubuntu | 7.10 | noarch | postfix-mysql | <Â 2.4.5-3ubuntu1.2 | UNKNOWN |