DSA-1629 postfix -- programming errorID: oval:org.mitre.oval:def:7819 | Date: (C)2009-12-15 (M)2023-11-13 |
Class: PATCH | Family: unix |
Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root. Note that only specific configurations are vulnerable; the default Debian installation is not affected. Only a configuration meeting the following requirements is vulnerable: For a detailed treating of the issue, please refer to the upstream author's announcement.