Ubuntu Update for postfix USN-1113-1

Ubuntu Update for Postfix vulnerabilities. Local attacker can conduct symlink attack and overwrite files. Remote attacker can inject cleartext commands into TLS sessions

Reporter	Title	Published	Views	Family All 161
FreeBSD	pureftpd -- multiple vulnerabilities	1 Apr 201100:00	–	freebsd
FreeBSD	postfix -- plaintext command injection with SMTP over TLS	7 Mar 201100:00	–	freebsd
FreeBSD	inn -- plaintext command injection into encrypted channel	14 Aug 201200:00	–	freebsd
Tenable Nessus	CentOS 4 / 5 : postfix (CESA-2011:0422)	11 Apr 201100:00	–	nessus
Tenable Nessus	CentOS 4 / 5 : cyrus-imapd (CESA-2011:0859)	9 Jun 201100:00	–	nessus
Tenable Nessus	Debian DSA-2233-1 : postfix - several vulnerabilities	11 May 201100:00	–	nessus
Tenable Nessus	Fedora 14 : pure-ftpd-1.0.30-1.fc14 (2011-3349)	1 Apr 201100:00	–	nessus
Tenable Nessus	Fedora 13 : postfix-2.7.3-1.fc13 (2011-3355)	24 Mar 201100:00	–	nessus
Tenable Nessus	Fedora 14 : postfix-2.7.3-1.fc14 (2011-3394)	24 Mar 201100:00	–	nessus
Tenable Nessus	FreeBSD : pureftpd -- multiple vulnerabilities (1495f931-8522-11e0-a1c1-00215c6a37bb)	24 May 201100:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/usn/usn-1113-1/

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1113_1.nasl 7964 2017-12-01 07:32:11Z santu $
#
# Ubuntu Update for postfix USN-1113-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "It was discovered that the Postfix package incorrectly granted write access
  on the PID directory to the postfix user. A local attacker could use this
  flaw to possibly conduct a symlink attack and overwrite arbitrary files.
  This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)

  Wietse Venema discovered that Postfix incorrectly handled cleartext
  commands after TLS is in place. A remote attacker could exploit this to
  inject cleartext commands into TLS sessions, and possibly obtain
  confidential information such as passwords. (CVE-2011-0411)";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-1113-1";
tag_affected = "postfix on Ubuntu 10.10 ,
  Ubuntu 10.04 LTS ,
  Ubuntu 9.10 ,
  Ubuntu 8.04 LTS ,
  Ubuntu 6.06 LTS";
tag_solution = "Please Install the Updated Packages.";


if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-1113-1/");
  script_id(840648);
  script_version("$Revision: 7964 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)");
  script_tag(name:"cvss_base", value:"6.9");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name: "USN", value: "1113-1");
  script_cve_id("CVE-2009-2939", "CVE-2011-0411");
  script_name("Ubuntu Update for postfix USN-1113-1");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU10.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"postfix", ver:"2.7.0-1ubuntu0.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU9.10")
{

  if ((res = isdpkgvuln(pkg:"postfix", ver:"2.6.5-3ubuntu0.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU6.06 LTS")
{

  if ((res = isdpkgvuln(pkg:"postfix", ver:"2.2.10-1ubuntu0.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU10.10")
{

  if ((res = isdpkgvuln(pkg:"postfix", ver:"2.7.1-1ubuntu0.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU8.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"postfix", ver:"2.5.1-2ubuntu1.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

01 Dec 2017 00:00Current

8.7High risk

Vulners AI Score8.7

EPSS0.16334