CVE-2008-2936
Published: Aug 18, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| FEDORA-2008-8595 | vendor-advisory | x_refsource_FEDORA |
| 32231 | third-party-advisory | x_refsource_SECUNIA |
| 31469 | third-party-advisory | x_refsource_SECUNIA |
| DSA-1629 | vendor-advisory | x_refsource_DEBIAN |
| 31530 | third-party-advisory | x_refsource_SECUNIA |
| FEDORA-2008-8593 | vendor-advisory | x_refsource_FEDORA |
| https://issues.rpath.com/browse/RPL-2689 | | x_refsource_CONFIRM |
| 1020700 | vdb-entry | x_refsource_SECTRACK |
| 20080821 rPSA-2008-0259-1 postfix | mailing-list | x_refsource_BUGTRAQ |
| VU#938323 | third-party-advisory | x_refsource_CERT-VN |
| [postfix-announce] 20080814 Postfix local privilege escalation via hardlinked symlinks | mailing-list | x_refsource_MLIST |
| 4160 | third-party-advisory | x_refsource_SREASON |
| 30691 | vdb-entry | x_refsource_BID |
| http://wiki.rpath.com/Advisories:rPSA-2008-0259 | | x_refsource_CONFIRM |
| SUSE-SA:2008:040 | vendor-advisory | x_refsource_SUSE |
| 31474 | third-party-advisory | x_refsource_SECUNIA |
| 20080831 PoCfix (PoC for Postfix local root vuln - CVE-2008-2936) | mailing-list | x_refsource_BUGTRAQ |
| postfix-symlink-code-execution(44460) | vdb-entry | x_refsource_XF |
| 6337 | exploit | x_refsource_EXPLOIT-DB |
| RHSA-2008:0839 | vendor-advisory | x_refsource_REDHAT |
| 31500 | third-party-advisory | x_refsource_SECUNIA |
| oval:org.mitre.oval:def:10033 | vdb-entry, signature | x_refsource_OVAL |
| 31477 | third-party-advisory | x_refsource_SECUNIA |
| 31485 | third-party-advisory | x_refsource_SECUNIA |
| USN-636-1 | vendor-advisory | x_refsource_UBUNTU |
| MDVSA-2008:171 | vendor-advisory | x_refsource_MANDRIVA |
| 20080814 Postfix local privilege escalation via hardlinked symlinks | mailing-list | x_refsource_BUGTRAQ |
| ADV-2008-2385 | vdb-entry | x_refsource_VUPEN |
| GLSA-200808-12 | vendor-advisory | x_refsource_GENTOO |