Postfix: Privilege escalation — GLSA 201709-20

A vulnerability in Postfix may allow local users to gain root privileges.

Affected Packages

mail-mta/postfix on all architectures
Affected versions < 3.1.6
Unaffected versions >= 3.1.6

Background

Postfix is a mail server and an alternative to the widely-used Sendmail program.

Description

By default, Berkeley DB reads a DB_CONFIG configuration file from the current working directory. This is an undocumented behavior.

Impact

A local attacker, by using a specially crafted DG_CONFIG file, could possibly escalate privileges to the root group.

Workaround

There is no known workaround at this time.

Resolution

All Postfix users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/postfix-3.1.6"
 

References

Release Date
September 24, 2017

Latest Revision
September 24, 2017: 1

Severity
high

Exploitable
local

Bugzilla entries