Ubuntu Update For Postfix USN-1113-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1113-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939) Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords. (CVE-2011-0411)

Affected

postfix on Ubuntu 10.10 , Ubuntu 10.04 LTS , Ubuntu 9.10 , Ubuntu 8.04 LTS , Ubuntu 6.06 LTS

Severity

Classification

CVE CVE-2009-2939, CVE-2011-0411

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for dbus USN-2352-1
Ubuntu Update for apport USN-2007-1
Ubuntu Update for clamav vulnerabilities USN-945-1
Ubuntu Update for apr USN-1134-1
Ubuntu Update for clamav vulnerability USN-684-1

Ubuntu Update for postfix USN-1113-1

Take action and discover your vulnerabilities