Mandriva Security Advisory MDVSA-2009:224-1 (postfix) Network Vulnerability

Summary

The remote host is missing an update to postfix announced via advisory MDVSA-2009:224-1.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:224-1

Insight

A vulnerability has been found and corrected in postfix: Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0

Severity

Classification

CVE CVE-2008-2937
CVSS Base Score: 1.9
AV:L/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandriva Update for timezone MDVA-2010:006 (timezone)
Mandriva Update for samba MDVSA-2012:070 (samba)
Mandriva Update for wireshark MDVSA-2012:125 (wireshark)
Mandrake Security Advisory MDVSA-2009:070 (openoffice.org)
Mandriva Update for cifs-utils MDVSA-2012:069 (cifs-utils)

Take action and discover your vulnerabilities