CVE-2008-2937

Published: 18 August 2008

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.

Priority

Low

Status

Package Release Status
postfix
Launchpad, Ubuntu, Debian
Upstream
Released (2.5.4)