USN-636-1: Postfix vulnerability

08-19-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-636-1: Postfix vulnerability

Referenced CVEs:
CVE-2008-2936

Description:
=========================================================== Ubuntu Security Notice USN-636-1 August 19, 2008 postfix vulnerability CVE-2008-2936 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.2 Ubuntu 7.04: postfix 2.3.8-2ubuntu0.2 Ubuntu 7.10: postfix 2.4.5-3ubuntu1.2 Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

OCF_HEARTBEAT_POSTFI(7) OCF resource agents OCF_HEARTBEAT_POSTFI(7) NAME
ocf_heartbeat_postfix - Manages a highly available Postfix mail server instance SYNOPSIS
postfix [start | stop | monitor | meta-data | validate-all] DESCRIPTION
This script manages Postfix as an OCF resource in a high-availability setup. SUPPORTED PARAMETERS
binary Full path to the Postfix binary. For example, "/usr/sbin/postfix". (optional, string, default "/usr/sbin/postfix") config_dir Full path to a Postfix configuration directory. For example, "/etc/postfix". (unique, optional, string, no default) parameters The Postfix daemon may be called with additional parameters. Specify any of them here. (optional, string, no default) SUPPORTED ACTIONS
This resource agent supports the following actions (operations): start Starts the resource. Suggested minimum timeout: 20s. stop Stops the resource. Suggested minimum timeout: 20s. reload Suggested minimum timeout: 20s. monitor Performs a detailed status check. Suggested minimum timeout: 20s. Suggested interval: 60s. validate-all Performs a validation of the resource configuration. Suggested minimum timeout: 20s. meta-data Retrieves resource agent metadata (internal use only). Suggested minimum timeout: 5s. EXAMPLE
The following is an example configuration for a postfix resource using the crm(8) shell: primitive p_postfix ocf:heartbeat:postfix op monitor depth="0" timeout="20s" interval="60s" SEE ALSO
http://www.linux-ha.org/wiki/postfix_(resource_agent) AUTHOR
Linux-HA contributors (see the resource agent source for information about individual authors) resource-agents UNKNOWN 06/09/2014 OCF_HEARTBEAT_POSTFI(7)

Security Advisories (RSS)

USN-636-1: Postfix vulnerability

LEARN ABOUT CENTOS

ocf_heartbeat_postfix