Vulnerability Description
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postfix | Postfix | 2.5.5 |
| Debian | Debian Linux | 6.06 |
| Ubuntu | Ubuntu Linux | 4.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2011/dsa-2233
- http://www.openwall.com/lists/oss-security/2009/09/18/6Exploit
- http://www.debian.org/security/2011/dsa-2233
- http://www.openwall.com/lists/oss-security/2009/09/18/6Exploit
FAQ
What is CVE-2009-2939?
CVE-2009-2939 is a vulnerability with a CVSS score of 6.9 (MEDIUM). The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink at...
How severe is CVE-2009-2939?
CVE-2009-2939 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2939?
Check the references section above for vendor advisories and patch information. Affected products include: Postfix Postfix, Debian Debian Linux, Ubuntu Ubuntu Linux.