CVE-2008-2936

Postfix 2.6-20080814 - 'symlink' Local Privilege Escalation

Severity Score: 6.2 (CVSS v2)

Public Exploits: 1 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)

Descriptions

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: High
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2008-06-30 CVE Reserved
  • 2008-08-14 CVE Published
  • 2023-10-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (35)
URL Tag Source
ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY X_refsource_confirm
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY X_refsource_confirm
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY X_refsource_confirm
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY X_refsource_confirm
http://article.gmane.org/gmane.mail.postfix.announce/110 Mailing List
http://secunia.com/advisories/31469 Third Party Advisory
http://secunia.com/advisories/31474 Third Party Advisory
http://secunia.com/advisories/31477 Third Party Advisory
http://secunia.com/advisories/31530 Third Party Advisory
http://secunia.com/advisories/32231 Third Party Advisory
http://securityreason.com/securityalert/4160 Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0259 X_refsource_confirm
http://www.kb.cert.org/vuls/id/938323 Third Party Advisory
http://www.securityfocus.com/archive/1/495474/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/495632/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/495882/100/0/threaded Mailing List
http://www.securitytracker.com/id?1020700 Vdb Entry
http://www.vupen.com/english/advisories/2008/2385 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44460 Vdb Entry
https://issues.rpath.com/browse/RPL-2689 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033 Signature
URL Date SRC
http://www.securityfocus.com/bid/30691 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Postfix Postfix 2.3.0 - Affected
Postfix Postfix 2.3.1 - Affected
Postfix Postfix 2.3.2 - Affected
Postfix Postfix 2.3.3 - Affected
Postfix Postfix 2.3.4 - Affected
Postfix Postfix 2.3.5 - Affected
Postfix Postfix 2.3.6 - Affected
Postfix Postfix 2.3.7 - Affected
Postfix Postfix 2.3.8 - Affected
Postfix Postfix 2.3.9 - Affected
Postfix Postfix 2.3.10 - Affected
Postfix Postfix 2.3.11 - Affected
Postfix Postfix 2.3.12 - Affected
Postfix Postfix 2.3.13 - Affected
Postfix Postfix 2.3.14 - Affected
Postfix Postfix 2.4.0 - Affected
Postfix Postfix 2.4.1 - Affected
Postfix Postfix 2.4.2 - Affected
Postfix Postfix 2.4.3 - Affected
Postfix Postfix 2.4.4 - Affected
Postfix Postfix 2.4.5 - Affected
Postfix Postfix 2.4.6 - Affected
Postfix Postfix 2.4.7 - Affected
Postfix Postfix 2.5.0 - Affected
Postfix Postfix 2.5.1 - Affected
Postfix Postfix 2.5.2 - Affected
Postfix Postfix 2.5.3 - Affected
Postfix Postfix 2.6.0 - Affected