Summary
The remote host is missing an update to postfix
announced via advisory MDVSA-2009:224-1.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:224-1
Insight
A vulnerability has been found and corrected in postfix:
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937).
This update provides a solution to this vulnerability.
Update:
Packages for 2008.0 are being provided due to extended support for Corporate products.
Affected: 2008.0
Severity
Classification
-
CVE CVE-2008-2937 -
CVSS Base Score: 1.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities