Debian DSA-2233-1 : postfix - several vulnerabilities

medium Nessus Plugin ID 53860

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities were discovered in Postfix, a mail transfer agent. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.

- CVE-2011-0411 The STARTTLS implementation does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place.

- CVE-2011-1720 A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.

Solution

Upgrade the postfix packages.

For the oldstable distribution (lenny), these problems have been fixed in version 2.5.5-1.1+lenny1.

For the stable distribution (squeeze), these problems have been fixed in version 2.7.1-1+squeeze1.

See Also

https://security-tracker.debian.org/tracker/CVE-2009-2939

https://security-tracker.debian.org/tracker/CVE-2011-0411

https://security-tracker.debian.org/tracker/CVE-2011-1720

https://packages.debian.org/source/squeeze/postfix

https://www.debian.org/security/2011/dsa-2233

Plugin Details

Severity: Medium

ID: 53860

File Name: debian_DSA-2233.nasl

Version: 1.17

Type: local

Agent: unix

Published: 5/11/2011

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:postfix, cpe:/o:debian:debian_linux:5.0, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 5/10/2011

Reference Information

CVE: CVE-2009-2939, CVE-2011-0411, CVE-2011-1720

BID: 36469, 46767, 47778

CWE: 59

DSA: 2233