ID: CVE-2009-2939
Type: cve
Reporter: cve@mitre.org
Modified: 2011-08-24T03:02:00
Description
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
{"seebug": [{"lastseen": "2017-11-19T18:37:55", "bulletinFamily": "exploit", "description": "Bugraq ID: 36469\r\nCVE ID\uff1aCVE-2009-2939\r\n\r\nPostfix\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u90ae\u4ef6\u4f20\u8f93\u4ee3\u7406\uff0c\u8fd0\u884c\u5728\u4e0d\u540c\u7c7b\u578b\u7684UNIX\u7cfb\u7edf\u4e0a\u3002\r\nDebian\u548cUbuntu\u5305\u542b\u7684Postfix\u4e0d\u5b89\u5168\u5efa\u7acb\u4e34\u65f6\u6587\u4ef6\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4ee5\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u8986\u76d6\u4efb\u610f\u6587\u4ef6\u3002\r\nWietse Venema\u53d1\u73b0Debian\u548cUbuntu\u628a/var/spool/postfix/pid\u7684\u6743\u9650\u8bbe\u7f6e\u4e3apostfix:root 0755\uff0c\u8fd9\u5141\u8bb8postfix\u7528\u6237\u64cd\u4f5cpid\u6587\u4ef6\u5e76\u901a\u8fc7\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u8986\u76d6\u4efb\u610f\u6587\u4ef6\u3002\n\nWietse Venema Postfix 2.5.5 \r\nUbuntu Ubuntu Linux 9.04 sparc\r\nUbuntu Ubuntu Linux 9.04 powerpc\r\nUbuntu Ubuntu Linux 9.04 lpia\r\nUbuntu Ubuntu Linux 9.04 i386\r\nUbuntu Ubuntu Linux 9.04 amd64\r\nUbuntu Ubuntu Linux 8.10 sparc\r\nUbuntu Ubuntu Linux 8.10 powerpc\r\nUbuntu Ubuntu Linux 8.10 lpia\r\nUbuntu Ubuntu Linux 8.10 i386\r\nUbuntu Ubuntu Linux 8.10 amd64\r\nUbuntu Ubuntu Linux 8.04 LTS sparc\r\nUbuntu Ubuntu Linux 8.04 LTS powerpc\r\nUbuntu Ubuntu Linux 8.04 LTS lpia\r\nUbuntu Ubuntu Linux 8.04 LTS i386\r\nUbuntu Ubuntu Linux 8.04 LTS amd64\r\nUbuntu Ubuntu Linux 7.10 sparc\r\nUbuntu Ubuntu Linux 7.10 powerpc\r\nUbuntu Ubuntu Linux 7.10 lpia\r\nUbuntu Ubuntu Linux 7.10 i386\r\nUbuntu Ubuntu Linux 7.10 amd64\r\nUbuntu Ubuntu Linux 7.04 sparc\r\nUbuntu Ubuntu Linux 7.04 powerpc\r\nUbuntu Ubuntu Linux 7.04 i386\r\nUbuntu Ubuntu Linux 7.04 amd64\r\nUbuntu Ubuntu Linux 6.10 sparc\r\nUbuntu Ubuntu Linux 6.10 powerpc\r\nUbuntu Ubuntu Linux 6.10 i386\r\nUbuntu Ubuntu Linux 6.10 amd64\r\nUbuntu Ubuntu Linux 6.06 LTS sparc\r\nUbuntu Ubuntu Linux 6.06 LTS powerpc\r\nUbuntu Ubuntu Linux 6.06 LTS 
i386\r\nUbuntu Ubuntu Linux 6.06 LTS amd64\r\nDebian Linux 5.0 sparc\r\nDebian Linux 5.0 s/390\r\nDebian Linux 5.0 powerpc\r\nDebian Linux 5.0 mipsel\r\nDebian Linux 5.0 mips\r\nDebian Linux 5.0 m68k\r\nDebian Linux 5.0 ia-64\r\nDebian Linux 5.0 ia-32\r\nDebian Linux 5.0 hppa\r\nDebian Linux 5.0 armel\r\nDebian Linux 5.0 arm\r\nDebian Linux 5.0 amd64\r\nDebian Linux 5.0 alpha\r\nDebian Linux 5.0\r\nDebian Linux 4.0 sparc\r\nDebian Linux 4.0 s/390\r\nDebian Linux 4.0 powerpc\r\nDebian Linux 4.0 mipsel\r\nDebian Linux 4.0 mips\r\nDebian Linux 4.0 m68k\r\nDebian Linux 4.0 ia-64\r\nDebian Linux 4.0 ia-32\r\nDebian Linux 4.0 hppa\r\nDebian Linux 4.0 armel\r\nDebian Linux 4.0 arm\r\nDebian Linux 4.0 amd64\r\nDebian Linux 4.0 alpha\r\nDebian Linux 4.0\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u8865\u4e01\uff1a\r\nWietse Venema Postfix 2.5.5 \r\nWietse Venema 2135-001.bin\r\nhttp://cache.gmane.org//gmane/comp/security/oss/general/2135-001.bin", "modified": "2009-09-25T00:00:00", "published": "2009-09-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12394", "id": "SSV:12394", "title": "Debian\u548cUbuntu Postfix\u4e0d\u5b89\u5168\u4e34\u65f6\u6587\u4ef6\u5efa\u7acb\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "openvas": [{"lastseen": "2017-12-04T11:26:44", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1113-1", "modified": "2017-12-01T00:00:00", "published": "2011-05-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840648", "id": "OPENVAS:840648", "title": "Ubuntu Update for postfix USN-1113-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1113_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for postfix USN-1113-1\n#\n# Authors:\n# 
System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Postfix package incorrectly granted write access\n on the PID directory to the postfix user. A local attacker could use this\n flaw to possibly conduct a symlink attack and overwrite arbitrary files.\n This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)\n\n Wietse Venema discovered that Postfix incorrectly handled cleartext\n commands after TLS is in place. A remote attacker could exploit this to\n inject cleartext commands into TLS sessions, and possibly obtain\n confidential information such as passwords. 
(CVE-2011-0411)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1113-1\";\ntag_affected = \"postfix on Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 8.04 LTS ,\n Ubuntu 6.06 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1113-1/\");\n script_id(840648);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1113-1\");\n script_cve_id(\"CVE-2009-2939\", \"CVE-2011-0411\");\n script_name(\"Ubuntu Update for postfix USN-1113-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.7.0-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == 
\"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.6.5-3ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.2.10-1ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.7.1-1ubuntu0.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.5.1-2ubuntu1.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:00", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1113-1", "modified": "2019-03-13T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:1361412562310840648", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840648", "title": "Ubuntu Update for postfix USN-1113-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1113_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for postfix USN-1113-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 
2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1113-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840648\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1113-1\");\n script_cve_id(\"CVE-2009-2939\", \"CVE-2011-0411\");\n script_name(\"Ubuntu Update for postfix USN-1113-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|9\\.10|6\\.06 LTS|10\\.10|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1113-1\");\n script_tag(name:\"affected\", value:\"postfix on Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 9.10,\n Ubuntu 8.04 LTS,\n Ubuntu 6.06 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n 
script_tag(name:\"insight\", value:\"It was discovered that the Postfix package incorrectly granted write access\n on the PID directory to the postfix user. A local attacker could use this\n flaw to possibly conduct a symlink attack and overwrite arbitrary files.\n This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)\n\n Wietse Venema discovered that Postfix incorrectly handled cleartext\n commands after TLS is in place. A remote attacker could exploit this to\n inject cleartext commands into TLS sessions, and possibly obtain\n confidential information such as passwords. (CVE-2011-0411)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.7.0-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.6.5-3ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.2.10-1ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.7.1-1ubuntu0.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.5.1-2ubuntu1.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update to postfix\nannounced via advisory DSA 2233-1.", "modified": "2017-07-07T00:00:00", "published": "2011-08-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=69733", "id": "OPENVAS:69733", "title": "Debian Security Advisory DSA 2233-1 (postfix)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2233_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2233-1 (postfix)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in Postfix, a mail transfer\nagent. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-2939\nThe postinst script grants the postfix user write access to\n/var/spool/postfix/pid, which might allow local users to\nconduct symlink attacks that overwrite arbitrary files.\n\nCVE-2011-0411\nThe STARTTLS implementation does not properly restrict I/O\nbuffering, which allows man-in-the-middle attackers to insert\ncommands into encrypted SMTP sessions by sending a cleartext\ncommand that is processed after TLS is in place.\n\nCVE-2011-1720\nA heap-based read-only buffer overflow allows malicious\nclients to crash the smtpd server process using a crafted SASL\nauthentication request.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1.\n\nWe recommend that you upgrade your postfix packages.\";\ntag_summary = \"The remote host is missing an update to postfix\nannounced via advisory DSA 2233-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202233-1\";\n\n\nif(description)\n{\n script_id(69733);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2939\", \"CVE-2011-0411\", \"CVE-2011-1720\");\n script_name(\"Debian Security Advisory DSA 2233-1 (postfix)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-cdb\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-dev\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-doc\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-ldap\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-mysql\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-pcre\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-pgsql\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-cdb\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-dev\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-doc\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6.0\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-ldap\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-mysql\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-pcre\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postfix-pgsql\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update to postfix\nannounced via advisory DSA 2233-1.", "modified": "2019-03-18T00:00:00", "published": "2011-08-03T00:00:00", "id": "OPENVAS:136141256231069733", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069733", "title": "Debian Security Advisory DSA 2233-1 (postfix)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2233_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2233-1 (postfix)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69733\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2939\", \"CVE-2011-0411\", \"CVE-2011-1720\");\n script_name(\"Debian Security Advisory DSA 2233-1 (postfix)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202233-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in Postfix, a mail transfer\nagent. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-2939\nThe postinst script grants the postfix user write access to\n/var/spool/postfix/pid, which might allow local users to\nconduct symlink attacks that overwrite arbitrary files.\n\nCVE-2011-0411\nThe STARTTLS implementation does not properly restrict I/O\nbuffering, which allows man-in-the-middle attackers to insert\ncommands into encrypted SMTP sessions by sending a cleartext\ncommand that is processed after TLS is in place.\n\nCVE-2011-1720\nA heap-based read-only buffer overflow allows malicious\nclients to crash the smtpd server process using a crafted SASL\nauthentication request.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your postfix packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to postfix\nannounced via advisory DSA 2233-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5\")) != 
NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-cdb\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-dev\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-doc\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-ldap\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-mysql\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-pcre\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-pgsql\", ver:\"2.5.5-1.1+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-cdb\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-dev\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-doc\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-ldap\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-mysql\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-pcre\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postfix-pgsql\", ver:\"2.7.1-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:31", "bulletinFamily": 
"unix", "description": "It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)\n\nWietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords. (CVE-2011-0411)", "modified": "2011-04-18T00:00:00", "published": "2011-04-18T00:00:00", "id": "USN-1113-1", "href": "https://usn.ubuntu.com/1113-1/", "title": "Postfix vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-03T12:30:23", "bulletinFamily": "scanner", "description": "It was discovered that the Postfix package incorrectly granted write\naccess on the PID directory to the postfix user. A local attacker\ncould use this flaw to possibly conduct a symlink attack and overwrite\narbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04\nLTS. (CVE-2009-2939)\n\nWietse Venema discovered that Postfix incorrectly handled cleartext\ncommands after TLS is in place. A remote attacker could exploit this\nto inject cleartext commands into TLS sessions, and possibly obtain\nconfidential information such as passwords. (CVE-2011-0411).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-1113-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55071", "published": "2011-06-13T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : postfix vulnerabilities (USN-1113-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1113-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55071);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2009-2939\", \"CVE-2011-0411\");\n script_bugtraq_id(36469, 46767);\n script_xref(name:\"USN\", value:\"1113-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : postfix vulnerabilities (USN-1113-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Postfix package incorrectly granted write\naccess on the PID directory to the postfix user. A local attacker\ncould use this flaw to possibly conduct a symlink attack and overwrite\narbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04\nLTS. (CVE-2009-2939)\n\nWietse Venema discovered that Postfix incorrectly handled cleartext\ncommands after TLS is in place. A remote attacker could exploit this\nto inject cleartext commands into TLS sessions, and possibly obtain\nconfidential information such as passwords. 
(CVE-2011-0411).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1113-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postfix package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postfix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postfix\", pkgver:\"2.2.10-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postfix\", pkgver:\"2.5.1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postfix\", pkgver:\"2.6.5-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"postfix\", pkgver:\"2.7.0-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"postfix\", pkgver:\"2.7.1-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postfix\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:21:08", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in Postfix, a mail 
transfer\nagent. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2009-2939\n The postinst script grants the postfix user write access\n to /var/spool/postfix/pid, which might allow local users\n to conduct symlink attacks that overwrite arbitrary\n files.\n\n - CVE-2011-0411\n The STARTTLS implementation does not properly restrict\n I/O buffering, which allows man-in-the-middle attackers\n to insert commands into encrypted SMTP sessions by\n sending a cleartext command that is processed after TLS\n is in place.\n\n - CVE-2011-1720\n A heap-based read-only buffer overflow allows malicious\n clients to crash the smtpd server process using a\n crafted SASL authentication request.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-2233.NASL", "href": "https://www.tenable.com/plugins/nessus/53860", "published": "2011-05-11T00:00:00", "title": "Debian DSA-2233-1 : postfix - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2233. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53860);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2009-2939\", \"CVE-2011-0411\", \"CVE-2011-1720\");\n script_bugtraq_id(36469, 46767, 47778);\n script_xref(name:\"DSA\", value:\"2233\");\n\n script_name(english:\"Debian DSA-2233-1 : postfix - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in Postfix, a mail transfer\nagent. 
The Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2009-2939\n The postinst script grants the postfix user write access\n to /var/spool/postfix/pid, which might allow local users\n to conduct symlink attacks that overwrite arbitrary\n files.\n\n - CVE-2011-0411\n The STARTTLS implementation does not properly restrict\n I/O buffering, which allows man-in-the-middle attackers\n to insert commands into encrypted SMTP sessions by\n sending a cleartext command that is processed after TLS\n is in place.\n\n - CVE-2011-1720\n A heap-based read-only buffer overflow allows malicious\n clients to crash the smtpd server process using a\n crafted SASL authentication request.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/postfix\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2233\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the postfix packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postfix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"postfix\", reference:\"2.5.5-1.1+lenny1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postfix\", reference:\"2.7.1-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postfix-cdb\", reference:\"2.7.1-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postfix-dev\", reference:\"2.7.1-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postfix-doc\", reference:\"2.7.1-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postfix-ldap\", reference:\"2.7.1-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postfix-mysql\", reference:\"2.7.1-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postfix-pcre\", 
reference:\"2.7.1-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postfix-pgsql\", reference:\"2.7.1-1+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:53", "bulletinFamily": "unix", "description": "-------------------------------------------------------------------------\nDebian Security Advisory DSA-2233-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMay 10, 2011 http://www.debian.org/security/faq\n-------------------------------------------------------------------------\n\nPackage : postfix\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-2939 CVE-2011-0411 CVE-2011-1720\n\nSeveral vulnerabilities were discovered in Postfix, a mail transfer\nagent. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-2939\n The postinst script grants the postfix user write access to\n /var/spool/postfix/pid, which might allow local users to\n conduct symlink attacks that overwrite arbitrary files.\n\nCVE-2011-0411\n The STARTTLS implementation does not properly restrict I/O\n buffering, which allows man-in-the-middle attackers to insert\n commands into encrypted SMTP sessions by sending a cleartext\n command that is processed after TLS is in place.\n\nCVE-2011-1720\n A heap-based read-only buffer overflow allows malicious\n clients to crash the smtpd server process using a crafted SASL\n authentication request.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1.\n\nWe recommend that you upgrade your postfix packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-05-10T17:58:13", "published": "2011-05-10T17:58:13", "id": "DEBIAN:DSA-2233-1:FE66E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00102.html", "title": "[SECURITY] [DSA 2233-1] postfix security update", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}