CVE-2008-2937

2008-08-18T19:41:00
ID CVE-2008-2937
Type cve
Reporter cve@mitre.org
Modified 2018-10-11T20:45:00

Description

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name. Please refer to the following links for additional version information (vendor release notes):

Postfix 2.5 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.5.4.RELEASE_NOTES

Postfix 2.6 - ftp://mirrors.loonybin.net/pub/postfix/experimental/postfix-2.6-20080814.RELEASE_NOTES