LinuxSecurity.com
Mandriva: Subject: [Security Announce] [ MDVSA-2009:224 ] postfix
Posted by Benjamin D. Thomas   
A vulnerability has been found and corrected in postfix: Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937). This update provides a solution to this vulnerability.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:224
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postfix
 Date    : August 30, 2009
 Affected: 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in postfix:
 
 Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a
 mailbox file even when this file is not owned by the recipient, which
 allows local users to read e-mail messages by creating a mailbox file
 corresponding to another user's account name (CVE-2008-2937).
 
 This update provides a solution to this vulnerability.
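
 An audit for the condition described above, as an added example that is not part of the Mandriva advisory or of Postfix: it walks a mail spool and reports any mailbox whose file owner does not match the account it is named after. It assumes an mbox-style spool with one file per account; audit_spool, uid_of and the demo accounts are hypothetical names, and the demo spool is constructed.

```python
import os
import stat
import tempfile


def audit_spool(spool_dir, uid_of):
    """Return (mailbox, reason) for every spool entry that is unsafe to deliver to.

    uid_of(name) returns the expected uid for an account, or None if the
    account does not exist. On a live host, wrap pwd.getpwnam() for this.
    """
    findings = []
    for name in sorted(os.listdir(spool_dir)):
        st = os.lstat(os.path.join(spool_dir, name))  # lstat: never follow links
        expected = uid_of(name)
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
        elif expected is None:
            findings.append((name, "no such account"))
        elif st.st_uid != expected:
            # The CVE-2008-2937 condition: mailbox named after one account,
            # owned by another.
            findings.append((name, "owner uid %d, expected %d" % (st.st_uid, expected)))
        elif st.st_nlink != 1:
            findings.append((name, "extra hard links"))
        elif st.st_mode & stat.S_IRWXO:
            findings.append((name, "accessible to other users"))
    return findings


def demo():
    """Constructed spool: 'bob' was pre-created by someone other than bob."""
    me = os.getuid()
    accounts = {"alice": me, "bob": me + 1, "carol": me}  # constructed uid table
    with tempfile.TemporaryDirectory() as spool:
        for name in ("alice", "bob", "ghost"):
            fd = os.open(os.path.join(spool, name), os.O_CREAT | os.O_WRONLY, 0o600)
            os.close(fd)
        os.symlink(os.path.join(spool, "alice"), os.path.join(spool, "carol"))
        return audit_spool(spool, accounts.get)


if __name__ == "__main__":
    for mailbox, reason in demo():
        print(mailbox, "->", reason)
```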
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 