CVE-2009-2939

Publication date 21 September 2009

Last updated 24 July 2024

Ubuntu priority

The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
postfix	10.10 maverick	Fixed 2.6.5-3
	10.04 LTS lucid	Fixed 2.6.5-3
	9.10 karmic	Fixed 2.6.5-3
	9.04 jaunty	Ignored end of life
	8.10 intrepid	Ignored end of life, was needed
	8.04 LTS hardy	Fixed 2.5.1-2ubuntu1.3
	6.06 LTS dapper	Fixed 2.2.10-1ubuntu0.3

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

per Weitse, the symlink attack should not be possible due to defensive programming. A subverted postfix process running as 'postfix' could replace the pid file, which master could then send signals to.

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1113-1
Postfix vulnerabilities
18 April 2011

Other references

http://www.openwall.com/lists/oss-security/2009/09/18/6
https://www.cve.org/CVERecord?id=CVE-2009-2939