Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-636-1: Postfix vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-636-1: Postfix vulnerability
# 1  
Old 08-19-2008
USN-636-1: Postfix vulnerability
Referenced CVEs:
CVE-2008-2936


Description:
=========================================================== Ubuntu Security Notice USN-636-1 August 19, 2008 postfix vulnerability CVE-2008-2936 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.2 Ubuntu 7.04: postfix 2.3.8-2ubuntu0.2 Ubuntu 7.10: postfix 2.4.5-3ubuntu1.2 Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

mysqmail-postfix-logger

mysqmail-postfix-logger(8)				      System Manager's Manual					mysqmail-postfix-logger(8)

NAME

       mysqmail-postfix-logger - logs smtp traffic to a mysql database

SYNOPSIS

       mysqmail-postfix-logger subprogram [ args ...  ]

DESCRIPTION

       mysqmail-postfix-logger	reads the syslog using tail -F and for each lines, does an action in a selected table in the selected mysql server
       (configuration done using /etc/mysqmail.conf). All messages that have been delivered are marqued as so in the from and in the to  field	of
       the smtp traffic table.

       mysqmail-postfix-logger uses a table corresponding to this one:

       CREATE TABLE  IF NOT EXISTS smtp_logs (
	 id int(11) NOT NULL auto_increment,
	 newmsg_id bigint(20) default NULL,
	 bounce_qp int(11) default NULL,
	 bytes int(11) NOT NULL default '0',
	 sender_user varchar(128) NOT NULL default '',
	 sender_domain varchar(128) NOT NULL default '',
	 delivery_id bigint(20) default NULL,
	 delivery_user varchar(128) NOT NULL default '',
	 delivery_domain varchar(128) NOT NULL default '',
	 delivery_success enum('yes','no') NOT NULL default 'no',
	 time_stamp timestamp(14) NOT NULL,
	 PRIMARY KEY  (id),
	 UNIQUE KEY bounce_qp (bounce_qp),
	 UNIQUE KEY newmsg_id (newmsg_id),
	 KEY sender_domain (sender_domain),
	 KEY delivery_domain (delivery_domain) ) TYPE=MyISAM;

VERSION

       This documentation describes mysqmail-postfix-logger version 0.1.4.  See http://gplhost.com/softwares-mysqmail.html for updates.

SEE ALSO

       syslog(3), logger(8)

															mysqmail-postfix-logger(8)