CVE-2008-2937
Published: 18 August 2008
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
Priority
Status
Package | Release | Status |
---|---|---|
postfix Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(system not installed with a+w /var/mail)
|
feisty |
Not vulnerable
(system not installed with a+w /var/mail)
|
|
gutsy |
Not vulnerable
(system not installed with a+w /var/mail)
|
|
hardy |
Not vulnerable
(system not installed with a+w /var/mail)
|
|
upstream |
Released
(2.5.4)
|