SuSE Update For Postfix SUSE-SA:2008:040 Network Vulnerability

Impact

local privilege escalation

Solution

Please Install the Updated Packages.

Insight

Postfix is a well known MTA. During a source code audit the SuSE Security-Team discovered a local privilege escalation bug CVE-2008-2936 as well as a mailbox ownership problem CVE-2008-2937 in postfix. The first bug allowed local users to execute arbitrary commands as root while the second one allowed local users to read other users mail.

Affected

postfix on openSUSE 10.2, openSUSE 10.3, openSUSE 11.0, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1, SUSE Linux Enterprise Desktop 10 SP2, SUSE Linux Enterprise Server 10 SP2

References

http://www.novell.com/linux/security/advisories/2008_40_postfix.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2936, CVE-2008-2937
CVSS Base Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for libexif5
SLES10: Security update for CUPS
SLES10: Security update for clamav
SLES10: Security update for mutt
SLES10: Security update for OpenSSH

SuSE Update for postfix SUSE-SA:2008:040

Take action and discover your vulnerabilities