
CVE-2008-2937
Date: (C)2008-08-18   (M)2023-12-22


Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 1.9
Exploit Score: 3.4
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/495632/100/0/threaded
BID-30691
SECUNIA-31477
SECUNIA-31485
SECUNIA-31500
SECUNIA-32231
ADV-2008-2385
FEDORA-2008-8593
FEDORA-2008-8595
GLSA-200808-12
MDVSA-2009:224
RHSA-2011:0422
SUSE-SA:2008:040
ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://wiki.rpath.com/Advisories:rPSA-2008-0259
https://issues.rpath.com/browse/RPL-2689
postfix-email-information-disclosure(44461)

CPE    5
cpe:/a:postfix:postfix:2.5.1
cpe:/a:postfix:postfix:2.6.0
cpe:/a:postfix:postfix:2.5.2
cpe:/a:postfix:postfix:2.5.3
...
CWE    1
CWE-200
OVAL    7
oval:org.secpod.oval:def:300456
oval:org.secpod.oval:def:300803
oval:org.secpod.oval:def:500040
oval:org.secpod.oval:def:201460
...

© SecPod Technologies