Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-636-1: Postfix vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-636-1: Postfix vulnerability
# 1  
Old 08-19-2008
USN-636-1: Postfix vulnerability
Referenced CVEs:
CVE-2008-2936


Description:
=========================================================== Ubuntu Security Notice USN-636-1 August 19, 2008 postfix vulnerability CVE-2008-2936 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.2 Ubuntu 7.04: postfix 2.3.8-2ubuntu0.2 Ubuntu 7.10: postfix 2.4.5-3ubuntu1.2 Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT CENTOS

pmdapostfix

PMDAPOSTFIX(1)						       Performance Co-Pilot						    PMDAPOSTFIX(1)

NAME

       pmdapostfix - Postfix performance metrics domain agent (PMDA)

DESCRIPTION

       pmdapostfix is a Performance Metrics Domain Agent (PMDA) which exports mail queue sizes as reported by qshape(1), as well as aggregate
       statistics collected from mail.log.

INSTALLATION

       If you want access to the names and values for the Postfix performance metrics, do the following as root:

	   # cd $PCP_PMDAS_DIR/postfix
	   # ./Install

       If you want to undo the installation, do the following as root:

	   # cd $PCP_PMDAS_DIR/postfix
	   # ./Remove

       pmdapostfix is launched by pmcd(1) and should never be executed directly.  The Install and Remove scripts notify pmcd(1) when the agent is
       installed or removed.

FILES

       $PCP_PMDAS_DIR/postfix/Install
	   installation script for the pmdapostfix agent

       $PCP_PMDAS_DIR/postfix/Remove
	   undo installation script for the pmdapostfix agent

       $PCP_LOG_DIR/pmcd/postfix.log
	   default log file for error messages from pmdapostfix

SEE ALSO

       pmcd(1) and qshape(1).

3.8.10							       Performance Co-Pilot						    PMDAPOSTFIX(1)