postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:14:01
Updated: 2022-10-03T16:14:01
Reserved: 2022-10-03T00:00:00
Link: CVE-2008-4977
JSON object: View
NVD Information
Status : Modified
Published: 2008-11-06T15:55:52.103
Modified: 2024-05-17T00:40:26.950
Link: CVE-2008-4977
JSON object: View
Redhat Information
No data.
CWE