Ubuntu Update For Postfix Vulnerability USN-636-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-636-1

Solution

Please Install the Updated Packages.

Insight

Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.

Affected

postfix vulnerability on Ubuntu 6.06 LTS , Ubuntu 7.04 , Ubuntu 7.10 , Ubuntu 8.04 LTS

Severity

Classification

CVE CVE-2008-2936

CVSS	Base Score: 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for cups, cupsys vulnerabilities USN-906-1
Ubuntu Update for compiz-fusion-plugins-main vulnerability USN-688-1
Ubuntu Update for curl USN-1894-1
Ubuntu Update for dovecot USN-2213-1
Ubuntu Update for colord USN-1289-1

Ubuntu Update for postfix vulnerability USN-636-1

Take action and discover your vulnerabilities