Veracode Vulnerability DatabaseVERACODE:24528Information Disclosure
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
postfix is vulnerable to information disclosure. It was discovered that Postfix did not properly check the permissions of users’ mailbox files. A local attacker able to create files in the mail spool directory could use this flaw to create mailbox files for other local users, and be able to read mail delivered to those users.
References
ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY
ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html
secunia.com/advisories/31477
secunia.com/advisories/31485
secunia.com/advisories/31500
secunia.com/advisories/32231
security.gentoo.org/glsa/glsa-200808-12.xml
wiki.rpath.com/Advisories:rPSA-2008-0259
www.mandriva.com/security/advisories?name=MDVSA-2009:224
www.redhat.com/support/errata/RHSA-2011-0422.html
www.securityfocus.com/archive/1/495632/100/0/threaded
www.securityfocus.com/bid/30691
www.vupen.com/english/advisories/2008/2385
access.redhat.com/errata/RHSA-2011:0422
access.redhat.com/security/updates/classification/#moderate
exchange.xforce.ibmcloud.com/vulnerabilities/44461
issues.rpath.com/browse/RPL-2689
www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html
Related
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N