7 matches found
Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : postfix vulnerabilities (USN-1113-1)
It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. CVE-2009-2939 Wiets...
Debian DSA-2233-1 : postfix - several vulnerabilities
Several vulnerabilities were discovered in Postfix, a mail transfer agent. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to...
[SECURITY] [DSA 2233-1] postfix security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2233-1 [email protected] http://www.debian.org/security/ Florian Weimer May 10, 2011 http://www.debian.org/security/faq -...
CVE-2009-2939
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files...
CVE-2009-2939
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files...
CVE-2009-2939
CVE-2009-2939 affects Postfix on Debian/Ubuntu where the postinst script grants the postfix user write access to /var/spool/postfix/pid, enabling local users to perform symlink attacks that can overwrite arbitrary files. Connected advisories confirm the issue across multiple distributions and rep...
CVE-2009-2939
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files...