---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Postfix Symlink Handling and Destination Ownership Security Issues SECUNIA ADVISORY ID: SA31485 VERIFY ADVISORY: http://secunia.com/advisories/31485/ CRITICAL: Less critical IMPACT: Exposure of sensitive information, Privilege escalation WHERE: Local system SOFTWARE: Postfix 2.x http://secunia.com/product/914/ DESCRIPTION: Sebastian Krahmer has reported some security issues in Postfix, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges. 1) A security issue is caused due to Postfix incorrectly handling symlink files. This can be exploited to e.g. append mail messages to arbitrary files by creating a hardlink to a symlink owned by the root user. Successful exploitation requires write permission to the mail spool directory and that there is no "root" mailbox. 2) A security issue is caused due to Postfix not correctly checking the ownership of the destination when delivering email. This can be exploited to e.g. disclose emails by creating an insecure mailbox file for other users. Successful exploitation requires permission to create files within the mail spool directory. SOLUTION: Update to version 2.5.4 Patchlevel 4. PROVIDED AND/OR DISCOVERED BY: Sebastian Krahmer, SuSE ORIGINAL ADVISORY: SuSE: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html Postfix: http://de.postfix.org/ftpmirror/official/postfix-2.5.4.HISTORY ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------