Mandriva Linux Security Advisory : postfix (MDVSA-2009:224-1)

low Nessus Plugin ID 40813

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

A vulnerability has been found and corrected in postfix :

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937).

This update provides a solution to this vulnerability.

Update :

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Solution

Update the affected packages.

Plugin Details

Severity: Low

ID: 40813

File Name: mandriva_MDVSA-2009-224.nasl

Version: 1.19

Type: local

Family: Mandriva Local Security Checks

Published: 8/31/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64postfix1, p-cpe:/a:mandriva:linux:libpostfix1, p-cpe:/a:mandriva:linux:postfix, p-cpe:/a:mandriva:linux:postfix-ldap, p-cpe:/a:mandriva:linux:postfix-mysql, p-cpe:/a:mandriva:linux:postfix-pcre, p-cpe:/a:mandriva:linux:postfix-pgsql, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/4/2009

Reference Information

CVE: CVE-2008-2937

BID: 30691

CWE: 200

MDVSA: 2009:224-1

Detections

Analytics