Local File Overwrite Vulnerability in Postfix by Vandenbergh
CVE-2008-4977
Currently unrated
What is CVE-2008-4977?
Postfix 2.5.2 has a vulnerability that allows local users to overwrite arbitrary files through symlink attacks on the temporary files /tmp/postfix_groups.stdout, /tmp/postfix_groups.stderr, and /tmp/postfix_groups.message. The issue arises when users modify a script located in the /usr/lib directory. The vendor disputes the validity of this issue; users should nonetheless be aware of the implications of such attacks and take appropriate security measures.
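The predictable-temp-file pattern described above, shown beside two hardened ways of creating the file. This is an added example, not code from Postfix or from this advisory; the sandbox directory (standing in for /tmp), `victim.conf`, and all function names are constructed for illustration.

```python
import os
import tempfile

NAME = "postfix_groups.stdout"  # predictable name from the advisory

def unsafe_write(path, data):
    # Vulnerable pattern: a plain open() follows a symlink planted at the path.
    with open(path, "w") as fh:
        fh.write(data)

def safe_write_fixed_name(path, data):
    # O_EXCL fails if anything, including a symlink, already exists at the path;
    # O_NOFOLLOW also refuses a symlink in the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def safe_write_random_name(directory, data):
    # Preferred: mkstemp picks an unpredictable name, created O_EXCL, mode 0600.
    fd, path = tempfile.mkstemp(prefix="postfix_groups.", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    # Constructed scenario inside a private sandbox directory standing in for /tmp.
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:
        victim = os.path.join(sandbox, "victim.conf")  # constructed stand-in
        unsafe_write(victim, "original")
        link = os.path.join(sandbox, NAME)
        os.symlink(victim, link)  # link already present at the predictable name
        try:
            safe_write_fixed_name(link, "log output")
            out["fixed_name_refused"] = False
        except OSError:
            out["fixed_name_refused"] = True
        out["after_safe"] = read(victim)
        tmp = safe_write_random_name(sandbox, "log output")
        out["random_ok"] = read(tmp) == "log output" and not os.path.islink(tmp)
        out["after_random"] = read(victim)
        unsafe_write(link, "log output")
        out["after_unsafe"] = read(victim)
    return out
```

Only the plain `open()` call changes the stand-in file; both hardened variants leave it untouched, which is the property to look for when auditing scripts that write to fixed names under /tmp.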
