Summary
The remote host is missing an update to policyd-weight announced via advisory DSA 1531-2.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201531-2
Insight
The previous update for policyd-weight was unfortunately not complete.
Updated packages have been released that fully address the vulnerability.
For reference the original advisory follows.
Chris Howells discovered that policyd-weight, a policy daemon for the Postfix mail transport agent, created its socket in an insecure way, which may be exploited to overwrite or remove arbitary files from the local system.
For the stable distribution (etch), this problem has been fixed in version 0.1.14-beta-6etch2.
The old stable distribution (sarge) does not contain a policyd-weight package.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your policyd-weight package.
Severity
Classification
-
CVE CVE-2008-1569 -
CVSS Base Score: 3.3
AV:L/AC:M/Au:N/C:N/I:P/A:P
Related Vulnerabilities