Mandriva Linux Security Advisory : postfix (MDVSA-2009:224-1)

Low Nessus Plugin ID 40813


The remote Mandriva Linux host is missing one or more security updates.


A vulnerability has been found and corrected in postfix :

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937).

This update provides a solution to this vulnerability.

Update :

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers


Update the affected packages.

Plugin Details

Severity: Low

ID: 40813

File Name: mandriva_MDVSA-2009-224.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2009/08/31

Modified: 2016/05/17

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 1.9

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64postfix1, p-cpe:/a:mandriva:linux:libpostfix1, p-cpe:/a:mandriva:linux:postfix, p-cpe:/a:mandriva:linux:postfix-ldap, p-cpe:/a:mandriva:linux:postfix-mysql, p-cpe:/a:mandriva:linux:postfix-pcre, p-cpe:/a:mandriva:linux:postfix-pgsql, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/12/04

Reference Information

CVE: CVE-2008-2937

BID: 30691

OSVDB: 47659

MDVSA: 2009:224-1

CWE: 200