Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2009-2939

The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.

  • Published: Sep 21, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-2939
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.9
  • AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
postfix / postfix 2.5.5 2.5.5.x