CVE-2008-4977 : postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary fil

postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it.

Published 2008-11-06 15:55:52

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-4977

Postfix » Postfix » Version: 2.5.2
cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-4977

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-4977

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-4977

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2008-4977

Red Hat 2008-11-06

Not vulnerable. This issue did not affect the versions of postfix as shipped with Red Hat Enterprise Linux 3, 4, or 5. Mentioned script is not part of the official postfix distribution and is not included in Red Hat Enterprise Linux postfix packages.

References for CVE-2008-4977

https://bugs.gentoo.org/show_bug.cgi?id=235770

235770 – (debian-tempfile) [Tracker] Tempfile issues found in Debian

CVEs referencing this url
http://dev.gentoo.org/~rbu/security/debiantemp/postfix

404 Not Found
Exploit
http://www.openwall.com/lists/oss-security/2008/10/30/2

oss-security - CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

CVEs referencing this url
https://bugs.gentoo.org/show_bug.cgi?id=235811

235811 – mail-mta/postfix: audit wrt insecure temp file usage
http://bugs.debian.org/496401

#496401 - please make debug code use safe tempfiles - Debian Bug report logs