CentOS Update For Postfix CESA-2008:0839 Centos3 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS. A flaw was found in the way Postfix dereferences symbolic links. If a local user has write access to a mail spool directory with no root mailbox, it may be possible for them to append arbitrary data to files that root has write permission to. (CVE-2008-2936) Red Hat would like to thank Sebastian Krahmer for responsibly disclosing this issue. All users of postfix should upgrade to these updated packages, which contain a backported patch that resolves this issue.

Affected

postfix on CentOS 3

References

http://lists.centos.org/pipermail/centos-announce/2008-August/015185.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2936
CVSS Base Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Update for apr CESA-2011:0844 centos5 i386
CentOS Security Advisory CESA-2009:1140 (ruby)
CentOS Security Advisory CESA-2009:1139 (pidgin)
CentOS Security Advisory CESA-2009:1124 (net-snmp)
CentOS Security Advisory CESA-2009:1536 (pidgin)

CentOS Update for postfix CESA-2008:0839 centos3 i386

Take action and discover your vulnerabilities