Debian DSA-1629-2 : postfix - programming error
Medium Nessus Plugin ID 33934
Synopsis
The remote Debian host is missing a security-related update.
Description
Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root.
Note that only specific configurations are vulnerable; the default Debian installation is not affected. Only a configuration meeting the following requirements is vulnerable:
- The mail delivery style is mailbox, with the Postfix built-in local(8) or virtual(8) delivery agents.
- The mail spool directory (/var/spool/mail) is user-writeable.
- The user can create hardlinks pointing to root-owned symlinks located in other directories.
For a detailed treatment of the issue, please refer to the upstream author's announcement.
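The following audit helper is an added example, not part of the DSA text or the Nessus plugin. It checks the three preconditions listed above on a local host: it classifies the delivery style from Postfix's home_mailbox and mail_spool_directory settings (a value ending in "/" selects maildir delivery), tests whether the spool directory is writable by non-root users, and flags spool entries that are symlinks, have more than one hard link, or are not owned by the user they are named for. It assumes GNU coreutils stat and, for the live report only, Postfix's postconf.

```shell
#!/bin/sh
# Added audit helper (not from the DSA or the Nessus plugin). Assumes
# GNU `stat`; the live report additionally assumes Postfix's `postconf`.

# Prints "maildir" when home_mailbox or mail_spool_directory ends in "/"
# (Postfix's documented maildir switch, not affected), else "mailbox".
delivery_style() {
    home_mailbox=$1 spool_dir=$2
    case "$home_mailbox" in */) echo maildir; return ;; esac
    case "$spool_dir" in */) echo maildir; return ;; esac
    echo mailbox
}

# Returns 0 if DIR is writable by group or others, i.e. ordinary users can
# create entries in the spool (the second precondition in the advisory).
spool_user_writable() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# Returns 0 if FILE does not look like a plain mailbox: it is a symlink,
# has more than one hard link, or is not owned by the user it is named for.
mailbox_suspicious() {
    f=$1
    [ -L "$f" ] && return 0
    info=$(stat -c '%h %U' "$f" 2>/dev/null) || return 1
    set -- $info
    [ "$1" -gt 1 ] && return 0
    [ "$2" != "$(basename "$f")" ]
}

# Live report for the running Postfix instance; skipped without postconf.
audit_postfix() {
    command -v postconf >/dev/null 2>&1 || { echo "postconf not found"; return 1; }
    spool=$(postconf -h mail_spool_directory)
    style=$(delivery_style "$(postconf -h home_mailbox)" "$spool")
    echo "delivery style: $style"
    spool_user_writable "$spool" && echo "spool $spool is group/world writable"
    for f in "$spool"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        mailbox_suspicious "$f" && echo "check mailbox: $f"
    done
}
```

Run audit_postfix as root on a host to be checked; any "check mailbox" line or a writable spool combined with mailbox-style delivery matches the conditions the advisory describes.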
Solution
Upgrade the postfix package.
For the stable distribution (etch), this problem has been fixed in version 2.3.8-2+etch1.