openSUSE Security Update : postfix (postfix-1969)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The value of SMTPD_LISTEN_REMOTE accidentally defaulted to 'yes'. The
postfix smtp daemon therefore was reachable over the network by
default. This update therefore resets the value to 'no' in
/etc/sysconfig/mail. If you intentionally want postfix to listen for
remote connection you need to manually set it to 'yes' again.

This update also fixes a problem where the relay database was not
created and postfix refused to start.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=547928
https://bugzilla.novell.com/show_bug.cgi?id=549612
https://bugzilla.novell.com/show_bug.cgi?id=552270
https://bugzilla.novell.com/show_bug.cgi?id=555732
https://bugzilla.novell.com/show_bug.cgi?id=555814
https://bugzilla.novell.com/show_bug.cgi?id=557239
https://bugzilla.novell.com/show_bug.cgi?id=566665

Solution :

Update the affected postfix packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 44623 ()

Bugtraq ID:

CVE ID: CVE-2010-0230

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now