Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SA:2008:040
HistoryAug 14, 2008 - 2:39 p.m.

local privilege escalation in postfix

2008-08-1414:39:29
lists.opensuse.org
102

0.0005 Low

EPSS

Percentile

15.4%

JSON

Postfix is a well known MTA. During a source code audit the SuSE Security-Team discovered a local privilege escalation bug (CVE-2008-2936) as well as a mailbox ownership problem (CVE-2008-2937) in postfix. The first bug allowed local users to execute arbitrary commands as root while the second one allowed local users to read other users mail.

Solution

Please install the update package.

OSVersionArchitecturePackageVersionFilename
Novell Open Enterprise Server (OES)anyi586postfix< 2.1.1-1.24postfix-2.1.1-1.24.i586.rpm
openSUSE10.2i586postfix-mysql< 2.3.2-32postfix-mysql-2.3.2-32.i586.rpm
openSUSE10.2i586postfix-devel< 2.3.2-32postfix-devel-2.3.2-32.i586.rpm
SUSE Linux Enterprise Server10.2i586postfix< 2.2.9-10.26postfix-2.2.9-10.26.i586.rpm
openSUSE10.3i586postfix-mysql< 2.4.5-20.4postfix-mysql-2.4.5-20.4.i586.rpm
SUSE Linux Enterprise Server10.2s390xpostfix< 2.2.9-10.26postfix-2.2.9-10.26.s390x.rpm
openSUSE10.2i586postfix< 2.3.2-32postfix-2.3.2-32.i586.rpm
openSUSE11.0i586postfix-debugsource< 2.5.1-28.3postfix-debugsource-2.5.1-28.3.i586.rpm
openSUSE11.0i586postfix-mysql< 2.5.1-28.3postfix-mysql-2.5.1-28.3.i586.rpm
SUSE Linux Enterprise Server10.2ppcpostfix< 2.2.9-10.26postfix-2.2.9-10.26.ppc.rpm
Rows per page:
1-10 of 211

Related

openvas 41
securityvulns 2
nessus 19
gentoo 1
fedora 2
debian 2
veracode 2
exploitpack 1
prion 2
seebug 2
centos 2
cert 1
cve 2
debiancve 2
oraclelinux 2
packetstorm 1
altlinux 1
redhat 2
ubuntucve 2
cvelist 2
ubuntu 1
exploitdb 1
openvas
openvas
Gentoo Security Advisory GLSA 200808-12 (postfix)
2008-09-24 00:00:00
SuSE Update for postfix SUSE-SA:2008:040
2009-01-23 00:00:00
SLES9: Security update for Postfix
2009-10-10 00:00:00
securityvulns
securityvulns
Postfix mail server hardlinks privilege escalation
2008-09-02 00:00:00
PoCfix &#40;PoC for Postfix local root vuln - CVE-2008-2936&#41;
2008-09-02 00:00:00
nessus
nessus
SuSE9 Security Update : Postfix (YOU Patch Number 12219)
2009-09-24 00:00:00
openSUSE Security Update : postfix (postfix-133)
2009-07-21 00:00:00
SuSE 10 Security Update : Postfix (ZYPP Patch Number 5500)
2008-08-14 00:00:00
gentoo
gentoo
Postfix: Local privilege escalation vulnerability
2008-08-14 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: postfix-2.5.5-1.fc9
2008-10-09 21:33:24
[SECURITY] Fedora 8 Update: postfix-2.5.5-1.fc8
2008-10-09 21:31:27
debian
debian
[SECURITY] [DSA 1629-1] New postfix packages fix privilege escalation
2008-08-18 20:51:36
[SECURITY] [DSA 1629-2] New postfix packages fix installability problem on i386
2008-08-19 09:02:20
veracode
veracode
Privilege Escalation
2020-04-10 00:26:37
Information Disclosure
2020-04-10 00:56:27
exploitpack
exploitpack
Postfix 2.6-20080814 - symlink Local Privilege Escalation
2008-08-31 00:00:00
prion
prion
Hardcoded credentials
2008-08-18 19:41:00
Design/Logic Flaw
2008-08-18 19:41:00
seebug
seebug
Postfix <= 2.6-20080814 - (symlink) Local Privilege Escalation Exploit
2014-07-01 00:00:00
Postfix &lt;= 2.6-20080814 (symlink) Local Privilege Escalation Exploit
2008-08-31 00:00:00
centos
centos
postfix security update
2008-08-15 09:43:49
postfix security update
2011-04-08 12:13:18
cert
cert
Postfix local privilege escalation
2008-08-18 00:00:00
cve
cve
CVE-2008-2936
2008-08-18 19:41:00
CVE-2008-2937
2008-08-18 19:41:00
debiancve
debiancve
CVE-2008-2936
2008-08-18 19:41:00
CVE-2008-2937
2008-08-18 19:41:00
oraclelinux
oraclelinux
postfix security update
2008-08-14 00:00:00
postfix security update
2011-04-06 00:00:00
packetstorm
packetstorm
rs_pocfix.txt
2008-08-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package postfix version 1:2.4.8-alt1
2008-08-05 00:00:00
redhat
redhat
(RHSA-2008:0839) Moderate: postfix security update
2008-08-14 00:00:00
(RHSA-2011:0422) Moderate: postfix security update
2011-04-06 00:00:00
ubuntucve
ubuntucve
CVE-2008-2936
2008-08-18 00:00:00
CVE-2008-2937
2008-08-18 00:00:00
cvelist
cvelist
CVE-2008-2936
2008-08-18 19:00:00
CVE-2008-2937
2008-08-18 19:00:00
ubuntu
ubuntu
Postfix vulnerability
2008-08-19 00:00:00
exploitdb
exploitdb
Postfix 2.6-20080814 - &#039;symlink&#039; Local Privilege Escalation
2008-08-31 00:00:00

0.0005 Low

EPSS

Percentile

15.4%

JSON
Related for SUSE-SA:2008:040
openvas41securityvulns2nessus19gentoo1fedora2debian2veracode2exploitpack1prion2seebug2centos2cert1cve2debiancve2oraclelinux2packetstorm1altlinux1redhat2ubuntucve2cvelist2ubuntu1exploitdb1