• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: SuSEConfig.postfix chroot Local DoS Attack Vulnerability

Severity: LOW

Description:

SuSEConfig helps configure and reconfigure SuSE Linux systems. The SuSEConfig.postfix script is designed to set up the Postfix mail daemon, and includes the option to create a chroot environment for the Postfix processes. By default, the chroot directory is /var/spool/postfix.

Later in the script, a recursive chmod call sets all files within the /var/spool/postfix directory to be owned by the postfix user. This includes the /var/spool/postfix/maildrop/ directory, which is used by the Postfix sendmail compatibility program to insert local mail into the system.

Under some configurations, the directory /var/spool/postfix/maildrop/ is owned by postfix:maildrop, where maildrop is a group with no users. The command maildrop is then configured to run as guid maildrop, and is called by the sendmail posting program to write to this directory. Files created within this directory will be owned by the user receiving the relevant mail.

If a message is rejected, for example for being larger than allowed by the local system configuration, postdrop will delete this message. If SuSEConfig happens to reset the ownership of these files in the middle of this process, it may be impossible for postdrop to delete the file, resulting in a loss of available drive space.

Without intervention by an administrator, this may lead to a local DoS attack when drive space for incoming mail is exhausted.

This is only a problem if Postfix is installed without a world writable maildrop directory, as described in the Postfix installation documentation.

Affected Products:

• S.u.S.E. Linux 7.0.0
• S.u.S.E. Linux 7.1.0
• S.u.S.E. Linux 7.2.0
• S.u.S.E. Linux 7.3.0
• S.u.S.E. SuSEConfig.postfix 0.0.0

References:

• S.u.S.E.: S.u.S.E. Homepage
• Wietse Venema: Postfix Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.