CVEs-PoC/2008/CVE-2008-2936.md

### [CVE-2008-2936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message.  NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.

### POC

#### Reference
- http://securityreason.com/securityalert/4160
- https://www.exploit-db.com/exploits/6337

#### Github
- https://github.com/c-skills/CVEs