Solution
Please install the updated packages.
Insight
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS.
A flaw was found in the way Postfix dereferences symbolic links. If a local user has write access to a mail spool directory with no root mailbox, it may be possible for them to append arbitrary data to files that root has write permission to. (CVE-2008-2936)
Red Hat would like to thank Sebastian Krahmer for responsibly disclosing this issue.
All users of postfix should upgrade to these updated packages, which contain a backported patch that resolves this issue.
Affected
postfix on CentOS 3
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-2936
CVSS Base Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C