CVE-2008-4977 - OpenCVE

postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Postfix	Postfix

Configuration 1 [-]

cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.debian.org/496401
http://dev.gentoo.org/~rbu/security/debiantemp/postfix	Exploit
http://www.openwall.com/lists/oss-security/2008/10/30/2
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://bugs.gentoo.org/show_bug.cgi?id=235811

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:14:01

Updated: 2022-10-03T16:14:01

Reserved: 2022-10-03T00:00:00

Link: CVE-2008-4977

JSON object: View

NVD Information

Status : Modified

Published: 2008-11-06T15:55:52.103

Modified: 2024-05-17T00:40:26.950

Link: CVE-2008-4977

JSON object: View

Redhat Information

No data.

CWE

CWE-59

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating \"This is not a real issue ... users would have to edit a script under /usr/lib to enable it."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"tags": ["x_refsource_MISC"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/postfix"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/496401"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235811"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4977", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating \"This is not a real issue ... users would have to edit a script under /usr/lib to enable it.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"name": "http://dev.gentoo.org/~rbu/security/debiantemp/postfix", "refsource": "MISC", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/postfix"}, {"name": "http://bugs.debian.org/496401", "refsource": "MISC", "url": "http://bugs.debian.org/496401"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=235811", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235811"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4977", "datePublished": "2022-10-03T16:14:01", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating \"This is not a real issue ... users would have to edit a script under /usr/lib to enable it."}, {"lang": "es", "value": "** CUESTIONADA ** postfix_groups.pl en Postfix v2.5.2 permite a usuarios locales sobrescribir ficheros a su elecci\u00f3n a trav\u00e9s de un ataque de enlace simulado en los ficheros temporales (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, y (3) /tmp/postfix_groups.message. NOTA: El vendedor ha impugnado esta vulnerabilidad, argumentando que \"Este no es un problema real...los usuarios deber\u00edan realizar una secuencia de comandos bajo /usr/lib para poder hacerlo\"."}], "id": "CVE-2008-4977", "lastModified": "2024-05-17T00:40:26.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-06T15:55:52.103", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/496401"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/postfix"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235811"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of postfix as shipped with Red Hat Enterprise Linux 3, 4, or 5. Mentioned script is not part of the official postfix distribution and is not included in Red Hat Enterprise Linux postfix packages.", "lastModified": "2008-11-06T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}