Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:224 (postfix)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64696

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:224 (postfix)

Resumen: The remote host is missing an update to postfix;announced via advisory MDVSA-2009:224.

Descripción: Summary:
The remote host is missing an update to postfix
announced via advisory MDVSA-2009:224.

Vulnerability Insight:
A vulnerability has been found and corrected in postfix:

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a
mailbox file even when this file is not owned by the recipient, which
allows local users to read e-mail messages by creating a mailbox file
corresponding to another user's account name (CVE-2008-2937).

This update provides a solution to this vulnerability.

Affected: 2008.1, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2937
20080821 rPSA-2008-0259-1 postfix
http://www.securityfocus.com/archive/1/495632/100/0/threaded
30691
http://www.securityfocus.com/bid/30691
31477
http://secunia.com/advisories/31477
31485
http://secunia.com/advisories/31485
31500
http://secunia.com/advisories/31500
32231
http://secunia.com/advisories/32231
ADV-2008-2385
http://www.vupen.com/english/advisories/2008/2385
FEDORA-2008-8593
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html
FEDORA-2008-8595
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
GLSA-200808-12
http://security.gentoo.org/glsa/glsa-200808-12.xml
MDVSA-2009:224
http://www.mandriva.com/security/advisories?name=MDVSA-2009:224
RHSA-2011:0422
http://www.redhat.com/support/errata/RHSA-2011-0422.html
SUSE-SA:2008:040
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html
ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://wiki.rpath.com/Advisories:rPSA-2008-0259
https://issues.rpath.com/browse/RPL-2689
postfix-email-information-disclosure(44461)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44461

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64696
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:224 (postfix)
Resumen:	The remote host is missing an update to postfix;announced via advisory MDVSA-2009:224.
Descripción:	Summary: The remote host is missing an update to postfix announced via advisory MDVSA-2009:224. Vulnerability Insight: A vulnerability has been found and corrected in postfix: Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937). This update provides a solution to this vulnerability. Affected: 2008.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2937 20080821 rPSA-2008-0259-1 postfix http://www.securityfocus.com/archive/1/495632/100/0/threaded 30691 http://www.securityfocus.com/bid/30691 31477 http://secunia.com/advisories/31477 31485 http://secunia.com/advisories/31485 31500 http://secunia.com/advisories/31500 32231 http://secunia.com/advisories/32231 ADV-2008-2385 http://www.vupen.com/english/advisories/2008/2385 FEDORA-2008-8593 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html FEDORA-2008-8595 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html GLSA-200808-12 http://security.gentoo.org/glsa/glsa-200808-12.xml MDVSA-2009:224 http://www.mandriva.com/security/advisories?name=MDVSA-2009:224 RHSA-2011:0422 http://www.redhat.com/support/errata/RHSA-2011-0422.html SUSE-SA:2008:040 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://wiki.rpath.com/Advisories:rPSA-2008-0259 https://issues.rpath.com/browse/RPL-2689 postfix-email-information-disclosure(44461) https://exchange.xforce.ibmcloud.com/vulnerabilities/44461
Copyright	Copyright (C) 2009 E-Soft Inc.