CVE-2009-2939
CVE-2009-2939 · MEDIUM Severity
AV:L/AC:M/AU:N/C:C/I:C/A:C
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
Learn more about our Cis Benchmark Audit For Debian Linux.