Mandriva Linux Security Advisory : postfix (MDVSA-2008:171)
Medium Nessus Plugin ID 37883
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionSebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to (CVE-2008-2936).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.