Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-2937

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.

Related bugs and status

CVE-2008-2937 (Candidate) is related to these bugs:

Bug #258162: Postfix local privilege escalation via hardlinked symlinks

Summary				In	Importance	Status
	258162	Postfix local privilege escalation via hardlinked symlinks		postfix (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.vupen.com/e...
MISC: https://www.redhat.com...
MISC: https://www.redhat.com...
MISC: http://security.gentoo...
MISC: http://www.mandriva.co...
MISC: http://www.redhat.com/...
MISC: http://lists.opensuse....
MISC: ftp://ftp.porcupine.or...
MISC: ftp://ftp.porcupine.or...
MISC: http://kb.juniper.net/...
MISC: http://wiki.rpath.com/...
MISC: https://issues.rpath.c...
MISC: https://exchange.xforc...