diff options
| author | Rong-En Fan <rafan@FreeBSD.org> | 2008-04-06 08:50:37 +0000 |
|---|---|---|
| committer | Rong-En Fan <rafan@FreeBSD.org> | 2008-04-06 08:50:37 +0000 |
| commit | 090dbb7b77d15ec9d072089f51c17e73d6e22f59 (patch) | |
| tree | 1138ad3854a8bb76dad0df8fee7dc089aef4fc4e /security | |
| parent | 37a0efa7eba976f3ba8db4f52f12a6f9c6d1c6ea (diff) | |
| download | ports-090dbb7b77d15ec9d072089f51c17e73d6e22f59.tar.gz ports-090dbb7b77d15ec9d072089f51c17e73d6e22f59.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f66d2750e7a3..289ea8b79a10 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,34 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="072a53e0-0397-11dd-bd06-0017319806e7"> + <topic>postfix-policyd-weight -- working directory symlink vulnerability</topic> + <affects> + <package> + <name>postfix-policyd-weight</name> + <range><lt>0.1.14.17</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>postfix-policyd-weight does not check for symlink for its working + directory. If the working directory is not already setup by the + super root, an unprivileged user can link it to another directories + in the system. This results in ownership/permission changes on the + target directory.</p> + </body> + </description> + <references> + <bid>28480</bid> + <url>http://article.gmane.org/gmane.mail.postfix.policyd-weight/815</url> + <url>http://article.gmane.org/gmane.mail.postfix.policyd-weight/823</url> + </references> + <dates> + <discovery>2008-03-27</discovery> + <entry>2008-04-06</entry> + </dates> + </vuln> + <vuln vid="b21790a5-02fb-11dd-bd06-0017319806e7"> <topic>powerdns-recursor -- DNS cache poisoning</topic> <affects> |