Mandrake Security Advisory MDVSA-2009:224 (postfix) Network Vulnerability

Summary

The remote host is missing an update to postfix announced via advisory MDVSA-2009:224.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:224

Insight

A vulnerability has been found and corrected in postfix: Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937). This update provides a solution to this vulnerability. Affected: 2008.1, Corporate 3.0, Corporate 4.0

Severity

Classification

CVE CVE-2008-2937

CVSS	Base Score: 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandriva Update for nss_db MDVSA-2010:077 (nss_db)
Mandriva Update for gd MDVSA-2008:038 (gd)
Mandriva Update for amarok MDVSA-2008:172 (amarok)
Mandrake Security Advisory MDVSA-2009:071 (kernel)
Mandriva Update for rsyslog MDVSA-2012:100 (rsyslog)

Take action and discover your vulnerabilities