Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2937

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2008-2937
Last Modified 06 Sep 2011 10:48:00
Published 18 Aug 2008 03:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2937

Summary

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.

Vulnerable Systems

Application

  • Postfix 2.5.0

  • Postfix 2.5.1

  • Postfix 2.5.2

  • Postfix 2.5.3

  • Postfix 2.6.0


References

BID - 30691

SECUNIA - 31500

FEDORA - FEDORA-2008-8593

FEDORA - FEDORA-2008-8595

CONFIRM - https://issues.rpath.com/browse/RPL-2689

XF - postfix-email-information-disclosure(44461)

VUPEN - ADV-2008-2385

BUGTRAQ - 20080821 rPSA-2008-0259-1 postfix

REDHAT - RHSA-2011:0422

MANDRIVA - MDVSA-2009:224

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0259

GENTOO - GLSA-200808-12

SECUNIA - 32231

SECUNIA - 31485

SECUNIA - 31477

SUSE - SUSE-SA:2008:040

CONFIRM - ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY

CONFIRM - ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY

Related Patches

Novell SUSE 2008:5500 postfix security update for SLE 10 i586


Last Updated: 27 May 2016 10:48:02