FreeBSD : postfix-policyd-weight -- working directory symlink vulnerability (072a53e0-0397-11dd-bd06-0017319806e7)

Low Nessus Plugin ID 31830


The remote FreeBSD host is missing a security-related update.


postfix-policyd-weight does not check for symlink for its working directory. If the working directory is not already setup by the super root, an unprivileged user can link it to another directories in the system. This results in ownership/permission changes on the target directory.


Update the affected package.

See Also

Plugin Details

Severity: Low

ID: 31830

File Name: freebsd_pkg_072a53e0039711ddbd060017319806e7.nasl

Version: $Revision: 1.17 $

Type: local

Published: 2008/04/11

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 3.3

Temporal Score: 2.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:postfix-policyd-weight, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/04/06

Vulnerability Publication Date: 2008/03/24

Reference Information

CVE: CVE-2008-1569

BID: 28480

CWE: 59