CVE-2009-2939

CVE-2009-2939 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.

Learn more about our Cis Benchmark Audit For Debian Linux.