Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-636-1: Postfix vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-636-1: Postfix vulnerability
# 1  
Old 08-19-2008
USN-636-1: Postfix vulnerability
Referenced CVEs:
CVE-2008-2936


Description:
=========================================================== Ubuntu Security Notice USN-636-1 August 19, 2008 postfix vulnerability CVE-2008-2936 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.2 Ubuntu 7.04: postfix 2.3.8-2ubuntu0.2 Ubuntu 7.10: postfix 2.4.5-3ubuntu1.2 Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

postfix-add-policy

POSTFIX-ADD-POLICY(8)					      System Manager's Manual					     POSTFIX-ADD-POLICY(8)

NAME

       postfix-add-policy - add policy service to Postfix master.cf

SYNOPSIS

       postfix-add-policy [policy name...] [username...] [argv...]

DESCRIPTION

       The  postfix-add-policy(8)  command  adds  an  smtp  policy server named policy name running using username and called as argv to etc/post-
       fix/master.cf to facilitate integration of SMTP policy servers such as postgrey or postfix-policyd-spf-perl.  The configuration is based on
       the Postfix SMTPD_POLICY_README.  Adminstrators should verify it is appropriate for their requirements.

       The original file is copied prior to modification and left in /etc/postfix to make it possible to revert changes easily.

       Available in the Debian package for Postfix version 2.5.3 and later.

DIAGNOSTICS

       If the given policy name  already appears in the master.cf, a message will be printed to standard out and master.cf will not be modified.

ENVIRONMENT

       MAIL_CONFIG
	      Directory with Postfix configuration files.

	      The  postfix-add-policy(8)  command  should  use	this, but it currently doesn't.  It is hard coded to /etc/postfix.  This should be
	      changed.

CONFIGURATION PARAMETERS

       None

FILES

       /etc/postfix/master.cf

SEE ALSO

       postconf(5), Postfix configuration

LICENSE

       This software is licensed under the MIT open source license.

AUTHOR(S)
       Scott Kitterman
       <scott@kitterman.com>

															     POSTFIX-ADD-POLICY(8)