CVE-2008-4977

** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it."
Configurations

Configuration 1

cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*

Information

Published : 2008-11-06 03:55

Updated : 2008-11-06 03:55


NVD link : CVE-2008-4977

Mitre link : CVE-2008-4977

Products Affected
No products.
CWE