
Mandriva Linux Security Advisory 2009-224

Posted Sep 1, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-224 - Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name. This update provides a solution to this vulnerability.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-2937
SHA-256 | 484433b051fc58ba1b7f551d28aa47085b0e7f28d53fd1880c4b8aecfd1a1824


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:224
http://www.mandriva.com/security/
_______________________________________________________________________

Package : postfix
Date : August 30, 2009
Affected: 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in postfix:

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a
mailbox file even when this file is not owned by the recipient, which
allows local users to read e-mail messages by creating a mailbox file
corresponding to another user's account name (CVE-2008-2937).

This update provides a solution to this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
7140f40e139be1cf8125074cab6e81b4 2008.1/i586/libpostfix1-2.5.1-2.3mdv2008.1.i586.rpm
f11354454b5e18ab3c95f97aacca6cb1 2008.1/i586/postfix-2.5.1-2.3mdv2008.1.i586.rpm
b4bea6c762263a307ba52b096e0b477b 2008.1/i586/postfix-ldap-2.5.1-2.3mdv2008.1.i586.rpm
b4e3859a783b67327039243e502aa157 2008.1/i586/postfix-mysql-2.5.1-2.3mdv2008.1.i586.rpm
8c7a5ae2e92c1f2527f21290f8c8d1d6 2008.1/i586/postfix-pcre-2.5.1-2.3mdv2008.1.i586.rpm
4a824e461d20be248d732a0ecee84b17 2008.1/i586/postfix-pgsql-2.5.1-2.3mdv2008.1.i586.rpm
2cf1299ed9de757fec29e360dfb24d83 2008.1/SRPMS/postfix-2.5.1-2.3mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
bb834685ec49101148373ce708b5ed45 2008.1/x86_64/lib64postfix1-2.5.1-2.3mdv2008.1.x86_64.rpm
70fce4a57c601c85bad516b373a88548 2008.1/x86_64/postfix-2.5.1-2.3mdv2008.1.x86_64.rpm
fbf08c4d8b08fd4140843779bd28399b 2008.1/x86_64/postfix-ldap-2.5.1-2.3mdv2008.1.x86_64.rpm
cb40d1532368fff8cca7d05ef975b6d5 2008.1/x86_64/postfix-mysql-2.5.1-2.3mdv2008.1.x86_64.rpm
19a686b12a82ea1fc1baf04fd8246449 2008.1/x86_64/postfix-pcre-2.5.1-2.3mdv2008.1.x86_64.rpm
6cd370a66e8efe86541e73fd165921c9 2008.1/x86_64/postfix-pgsql-2.5.1-2.3mdv2008.1.x86_64.rpm
2cf1299ed9de757fec29e360dfb24d83 2008.1/SRPMS/postfix-2.5.1-2.3mdv2008.1.src.rpm

Corporate 3.0:
c31b8d0d1b7cfeffc4114a08c590394b corporate/3.0/i586/libpostfix1-2.1.1-0.5.C30mdk.i586.rpm
522a1d6583d13161f9048b922ef6cf98 corporate/3.0/i586/postfix-2.1.1-0.5.C30mdk.i586.rpm
e5a0cf0f5ebb3a67a53e1d437fc4048e corporate/3.0/i586/postfix-ldap-2.1.1-0.5.C30mdk.i586.rpm
5751e5109eda7b406214a9439dda8baf corporate/3.0/i586/postfix-mysql-2.1.1-0.5.C30mdk.i586.rpm
7641b8ed287b7a710dc9465702918154 corporate/3.0/i586/postfix-pcre-2.1.1-0.5.C30mdk.i586.rpm
cf61094ca95d221df9bdbb24e3adbef6 corporate/3.0/i586/postfix-pgsql-2.1.1-0.5.C30mdk.i586.rpm
b36ec66c7a2e93e6e203f1858478bad7 corporate/3.0/SRPMS/postfix-2.1.1-0.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
df9a2254b1450fc898668b7f22a06a6a corporate/3.0/x86_64/lib64postfix1-2.1.1-0.5.C30mdk.x86_64.rpm
ffbfb3a2c9f95842c5214c69e74cf0cf corporate/3.0/x86_64/postfix-2.1.1-0.5.C30mdk.x86_64.rpm
0948f13bb6c5978cb033e33a79604c45 corporate/3.0/x86_64/postfix-ldap-2.1.1-0.5.C30mdk.x86_64.rpm
a6cd459457454d854bd73de328c7489f corporate/3.0/x86_64/postfix-mysql-2.1.1-0.5.C30mdk.x86_64.rpm
aa6c2cec11d17d77e928ee124e1e29d9 corporate/3.0/x86_64/postfix-pcre-2.1.1-0.5.C30mdk.x86_64.rpm
ec8fce55884bb814e84b2891d9be1cce corporate/3.0/x86_64/postfix-pgsql-2.1.1-0.5.C30mdk.x86_64.rpm
b36ec66c7a2e93e6e203f1858478bad7 corporate/3.0/SRPMS/postfix-2.1.1-0.5.C30mdk.src.rpm

Corporate 4.0:
23bf5745a5b5f7457e4d7c346c6bcbb9 corporate/4.0/i586/libpostfix1-2.3.5-0.3.20060mlcs4.i586.rpm
d4ae172e884ce5388edd7808f2371717 corporate/4.0/i586/postfix-2.3.5-0.3.20060mlcs4.i586.rpm
81d27bf78511b84bb31ec4da82d2f8dd corporate/4.0/i586/postfix-ldap-2.3.5-0.3.20060mlcs4.i586.rpm
b438d4b45642c94756b0d74638328322 corporate/4.0/i586/postfix-mysql-2.3.5-0.3.20060mlcs4.i586.rpm
ba4c2a8d4126c10a1640a83098d4c4b9 corporate/4.0/i586/postfix-pcre-2.3.5-0.3.20060mlcs4.i586.rpm
c8a3c2cfbb1f9cea2117d6e0c25f9b4e corporate/4.0/i586/postfix-pgsql-2.3.5-0.3.20060mlcs4.i586.rpm
782004a450a90bbcaa94837c36eb07dd corporate/4.0/SRPMS/postfix-2.3.5-0.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
26a2a20d5b6a8f3f56640667ebabe810 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.3.20060mlcs4.x86_64.rpm
85b91925447997c52c15fdc8e4bafbd9 corporate/4.0/x86_64/postfix-2.3.5-0.3.20060mlcs4.x86_64.rpm
7fbac100a9c73446b73c7a1ac5115509 corporate/4.0/x86_64/postfix-ldap-2.3.5-0.3.20060mlcs4.x86_64.rpm
ecbaa69125310c3e1bc6682135b39d61 corporate/4.0/x86_64/postfix-mysql-2.3.5-0.3.20060mlcs4.x86_64.rpm
a194d65c69e642307a54960f0df99294 corporate/4.0/x86_64/postfix-pcre-2.3.5-0.3.20060mlcs4.x86_64.rpm
bf10b2360063f21bf61280fd36ff68eb corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.3.20060mlcs4.x86_64.rpm
782004a450a90bbcaa94837c36eb07dd corporate/4.0/SRPMS/postfix-2.3.5-0.3.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKmsg4mqjQ0CJFipgRAiPcAKDeYjyMPZqfjGw2jz9nDMkfl+WyVwCggbiA
+4owaopmdcKSZ60jJ9vbb0k=
=DMHj
-----END PGP SIGNATURE-----
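
A defensive check for the condition this advisory describes, added here as an example and not part of the Mandriva advisory or of Postfix: it lists mbox files in a spool directory that are not regular files owned by the account they are named after. The spool directory you pass in, the function names and the demo account table are assumptions.

```python
import os
import pwd
import stat
import tempfile


def system_uid(name):
    """Return the UID of a local account, or None if it does not exist."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def audit_spool(spool_dir, uid_for_name=system_uid):
    """Return (mailbox, finding) pairs for suspicious mbox files.

    A mailbox named after an account should be a regular file owned by that
    account; anything else may have been pre-created by another local user.
    """
    findings = []
    for entry in sorted(os.listdir(spool_dir)):
        st = os.lstat(os.path.join(spool_dir, entry))  # do not follow symlinks
        expected = uid_for_name(entry)
        if not stat.S_ISREG(st.st_mode):
            findings.append((entry, "not a regular file"))
        elif expected is None:
            findings.append((entry, "no matching account"))
        elif st.st_uid != expected:
            findings.append((entry, f"owned by uid {st.st_uid}, expected {expected}"))
    return findings


def demo():
    """Constructed spool: all files belong to the caller, only 'alice' should."""
    with tempfile.TemporaryDirectory() as spool:
        for name in ("alice", "bob", "ghost"):
            open(os.path.join(spool, name), "w").close()
        os.symlink(os.path.join(spool, "alice"), os.path.join(spool, "carol"))
        me = os.stat(os.path.join(spool, "alice")).st_uid
        accounts = {"alice": me, "bob": me + 1}  # constructed account table
        return audit_spool(spool, accounts.get)


if __name__ == "__main__":
    for mailbox, finding in demo():
        print(f"{mailbox}: {finding}")
```

On a real host, call `audit_spool()` with the system's mail spool directory and the default account lookup; lock files or other non-mailbox entries in that directory will show up as findings to review.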