postfix: symlink attack
| Package(s): | postfix | CVE #(s): | CVE-2009-2939 | ||||||||
| Created: | April 18, 2011 | Updated: | May 11, 2011 | ||||||||
| Description: | From the Ubuntu advisory:
It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. | ||||||||||
| Alerts: |
| ||||||||||