Thank god I run Postfix (Score:4, Insightful)
While any program can have nasty bugs crop up in it, I don't recall Postfix having any holes this nasty since I started running it 10 years ago.
Postfix also runs as a non-privileged account. I'm surprised the OpenBSD guys didn't write their SMTP server to do the same....
Everything has issues, Postfix is not immune... (Score:3)
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
Publish Date : 2018-04-16
pay more attention
Re: (Score:2)
Yes, a local privilege escalation is equivalent to an RCE. /s
Pay more attention? How about "know what you're talking about before opening your mouth"?