Lucene search
Ubuntu.comUB:CVE-2009-2939HistorySep 21, 2009 - 12:00 a.m.
CVE-2009-2939
2009-09-2100:00:00
ubuntu.com
ubuntu.com
10
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.2%
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix
2.5.5 package grants the postfix user write access to
/var/spool/postfix/pid, which might allow local users to conduct symlink
attacks that overwrite arbitrary files.
Notes
| Author | Note |
|---|---|
| jdstrand | per Weitse, the symlink attack should not be possible due to defensive programming. A subverted postfix process running as ‘postfix’ could replace the pid file, which master could then send signals to. |
Related
prion
prion
Code injection
2009-09-21 19:30:00
cve
cve
CVE-2009-2939
2009-09-21 19:30:00
debiancve
debiancve
CVE-2009-2939
2009-09-21 19:30:00
seebug
seebug
Debian和Ubuntu Postfix不安全临时文件建立漏洞
2009-09-25 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1113-1)
2011-05-10 00:00:00
Ubuntu Update for postfix USN-1113-1
2011-05-10 00:00:00
Debian: Security Advisory (DSA-2233-1)
2011-08-03 00:00:00
ubuntu
ubuntu
Postfix vulnerabilities
2011-04-18 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : postfix vulnerabilities (USN-1113-1)
2011-06-13 00:00:00
Debian DSA-2233-1 : postfix - several vulnerabilities
2011-05-11 00:00:00
osv
osv
postfix - several
2011-05-10 00:00:00
debian
debian
[SECURITY] [DSA 2233-1] postfix security update
2011-05-10 17:57:47
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.2%
Related for UB:CVE-2009-2939