6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix
2.5.5 package grants the postfix user write access to
/var/spool/postfix/pid, which might allow local users to conduct symlink
attacks that overwrite arbitrary files.
Author | Note |
---|---|
jdstrand | per Weitse, the symlink attack should not be possible due to defensive programming. A subverted postfix process running as ‘postfix’ could replace the pid file, which master could then send signals to. |