CVE

Id
35094  
CVE No.
CVE-2008-4977  
Status
Candidate  
Description
** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it."  
Phase
Assigned (20081106)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
383954 35094 CVE-2008-4977 MLIST:[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire  View
383955 35094 CVE-2008-4977 URL:http://www.openwall.com/lists/oss-security/2008/10/30/2  View
383956 35094 CVE-2008-4977 MISC:http://bugs.debian.org/496401  View
383957 35094 CVE-2008-4977 MISC:http://dev.gentoo.org/~rbu/security/debiantemp/postfix  View
383958 35094 CVE-2008-4977 MISC:https://bugs.gentoo.org/show_bug.cgi?id=235770  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
51119 JVNDB-2008-006429 REMLAB Web Mech Designer における任意のファイルを上書きされる脆弱性 REMLAB Web Mech Designer には、任意のファイルを上書きされる脆弱性が存在します。 CVE-2008-4981 35094 6.9 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-006429.html  View