858 matches found
CVE-2008-2936
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...
CVE-2008-2937
CVE-2008-2937 affects Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814. It allows a local user to read mail by delivering to a mailbox file not owned by the recipient (matching another user name). Remediation requires upgrading to Postfix 2.5.4+ or 2.6-20080814+. The provided documents confir...
CVE-2008-2936
CVE-2008-2936 - Postfix local privilege escalation : Affects Postfix as shipped before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 20080814. On OSes that support hard links to symlinks, a local user can fail-dangerously append mail to a root-owned symlink’s target by creating a har...
CVE-2008-2937
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name...
CVE-2008-2936
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...
CVE-2008-2937
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name...
DSA-1629-1 postfix - privilege escalation
Bulletin has no description...
Postfix local privilege escalation
Overview The Postfix MTA contains a local privilege escalation vulnerability. Description Postfix is an mail transport agent MTA that is used by several Unix-like operating systems. Symbolic links and hard links are types of files that reference other files. Unlike hard links, symbolic links can...
postfix security update
CentOS Errata and Security Advisory CESA-2008:0818 Updated hplip packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The hplip Hewlett-Packard Linux Imaging...
postfix security update
CentOS Errata and Security Advisory CESA-2008:0839 Updated postfix packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Postfix is a Mail Transport Agent...
CentOS 3 / 4 / 5 : postfix (CESA-2008:0839)
Updated postfix packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, and TLS. A fl...
GLSA-200808-12 : Postfix: Local privilege escalation vulnerability
The remote host is affected by the vulnerability described in GLSA-200808-12 Postfix: Local privilege escalation vulnerability Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail to root-owned symlinks in an insecure manner under certain conditions. Normally, Postfix does not...
openSUSE 10 Security Update : postfix (postfix-5501)
A local privilege escalation vulnerability as well as a mailbox ownership problem has been fixed in postfix. CVE-2008-2936 and CVE-2008-2937 have been assigned to this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
RHEL 3 / 4 / 5 : postfix (RHSA-2008:0839)
Updated postfix packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, and TLS. A fl...
postfix privilege escalation flaw
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...
Moderate: Red Hat Security Advisory: postfix security update
Updated postfix packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, and TLS. A fl...
PT-2008-4373 · Postfix +1 · Postfix +1
Name of the Vulnerable Software and Affected Versions: Postfix versions prior to 2.3.15 Postfix versions 2.4 prior to 2.4.8 Postfix versions 2.5 prior to 2.5.4 Postfix versions 2.6 prior to 2.6-20080814 Description: The issue allows local users to append e-mail messages to a file to which a...
postfix security update
2.3.3-2.1 - fixed postfix privilege problem with symlinks in the mail spool directory CVE-2008-2936 Resolves: rhbz456717...
Postfix local privilege escalation via hardlinked symlinks
Summary: Solaris and Linux file system behavior has changed over time, breaking one of the assumptions in Postfix. See below for a description of the behavior and how it disagrees with standards. Postfix is not affected on systems with standard POSIX, X/Open file system behavior, i.e. BSD, AIX,...
Postfix: Local privilege escalation vulnerability
Background Postfix is Wietse Venema's mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail to root-owned symlinks in an insecure manner under...