CVE-2008-2937 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2008-2937
Status Candidate
Description Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
Severity Low
CVSS score 1,9
CVSS vector (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Phase Assigned (06.09.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2937
References BID : 30691
BUGTRAQ : 20080821 rPSA-2008-0259-1 postfix
CONFIRM : ftp://ftp.porcupine.org/mirrors/postfix-release/ex...
CONFIRM : ftp://ftp.porcupine.org/mirrors/postfix-release/of...
CONFIRM : http://wiki.rpath.com/Advisories:rPSA-2008-0259
CONFIRM : https://issues.rpath.com/browse/RPL-2689
FEDORA : FEDORA-2008-8593
FEDORA : FEDORA-2008-8595
GENTOO : GLSA-200808-12
MANDRIVA : MDVSA-2009:224
SECUNIA : 31477
SECUNIA : 31485
SECUNIA : 31500
SECUNIA : 32231
SUSE : SUSE-SA:2008:040
VUPEN : ADV-2008-2385
XF : postfix-email-information-disclosure(44461)
SecurityVulns: Postfix mail server hardlinks privilege escalation

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server