FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postfix-policyd-weight -- working directory symlink vulnerability

Affected packages
postfix-policyd-weight < 0.1.14.17

Details

VuXML ID 072a53e0-0397-11dd-bd06-0017319806e7
Discovery 2008-03-24
Entry 2008-04-06

postfix-policyd-weight does not check for symlink for its working directory. If the working directory is not already setup by the super root, an unprivileged user can link it to another directories in the system. This results in ownership/permission changes on the target directory.

References

Bugtraq ID 28480
Message http://article.gmane.org/gmane.mail.postfix.policyd-weight/815
Message http://article.gmane.org/gmane.mail.postfix.policyd-weight/823