Bug 639120 - mail-mta/postfix: undisclosed vulnerabilities resulting in privilege escalation
Summary: mail-mta/postfix: undisclosed vulnerabilities resulting in privilege escalation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All
OS: Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.postfix.org/announcements/...
Reported: 2017-11-28 22:23 UTC by D'juan McDonald (domhnall)
Modified: 2017-12-03 01:38 UTC
CC: 2 users
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2017-11-28 22:23:37 UTC
From URL:

Berkeley DB versions 2 and later try to read settings from a file DB_CONFIG in the current directory. This undocumented feature may introduce undisclosed vulnerabilities resulting in privilege escalation with Postfix set-gid programs (postdrop, postqueue) before they chdir to the Postfix queue directory, and with the postmap and postalias commands depending on whether the user's current directory is writable by other users.



@maintainer(s): Due to the undisclosed vulnerability, I filed this bug for your review. Version 3.2.3 is awaiting stabilization, though at this time it is not clear whether we are affected. Please weigh in on whether we are or are not currently affected; thank you.
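A pre-flight check for the hazard described in the announcement excerpt above, added here as an example; it is not code from Postfix, Berkeley DB, Gentoo or the reporter. It covers only the postmap/postalias case, where the caller controls the working directory that Berkeley DB will search for DB_CONFIG; the set-gid postdrop/postqueue case happens inside Postfix before the chdir and needs a fixed Postfix. The function names dbconfig_risk and postmap_checked are assumed for illustration.

```shell
#!/bin/sh
# Added example (not from Postfix, Berkeley DB or this bug report).
# Berkeley DB reads DB_CONFIG from the current working directory, so
# running postmap/postalias from a directory other users can write to
# lets them supply that file. Refuse to run from such a directory.

# dbconfig_risk DIR: return 0 if DIR is a safe cwd for a Berkeley DB
# client, 1 (with a reason on stdout) if a DB_CONFIG file is present
# or another user could plant one.
dbconfig_risk() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "risky: $dir is not a directory"
        return 1
    fi
    if [ -e "$dir/DB_CONFIG" ]; then
        echo "risky: $dir already contains a DB_CONFIG file"
        return 1
    fi
    # Octal mode without leading zero, e.g. 700, 775, 1777
    # (GNU stat, with a BSD/macOS stat fallback).
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || mode=$(stat -f '%Lp' "$dir")
    other=$(( mode % 10 ))
    group=$(( (mode / 10) % 10 ))
    # Bit 2 of each digit is the write bit. The sticky bit (1777, like
    # /tmp) does not help: it only stops others from removing files,
    # not from creating a DB_CONFIG that is not there yet.
    if [ $(( other & 2 )) -ne 0 ]; then
        echo "risky: $dir is world-writable (mode $mode)"
        return 1
    fi
    if [ $(( group & 2 )) -ne 0 ]; then
        echo "risky: $dir is group-writable (mode $mode)"
        return 1
    fi
    echo "ok: $dir (mode $mode)"
    return 0
}

# postmap_checked ARGS...: run postmap only if the cwd passes the check.
# postalias would be wrapped the same way. (Assumed wrapper name.)
postmap_checked() {
    dbconfig_risk "$PWD" >/dev/null || {
        echo "refusing to run postmap from $PWD" >&2
        return 1
    }
    postmap "$@"
}
```

The check is deliberately mode-based rather than testing whether the invoking user can write: the question is whether some other user could have written DB_CONFIG there, which is what the announcement's "writable by other users" condition describes.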
Comment 1 Eray Aslan gentoo-dev 2017-12-01 10:10:39 UTC
mail-mta/postfix-3.1.6 is not vulnerable and stable in the tree.  You should be able to mark this one as fixed.
Comment 2 D'juan McDonald (domhnall) 2017-12-03 01:38:23 UTC
Eray, Thanks for confirming. Will do.