Описание
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | system not installed with a+w /var/mail |
| devel | not-affected | 2.5.4-1ubuntu2 |
| feisty | not-affected | system not installed with a+w /var/mail |
| gutsy | not-affected | system not installed with a+w /var/mail |
| hardy | not-affected | system not installed with a+w /var/mail |
| upstream | released | 2.5.4 |
Показывать по
Ссылки на источники
EPSS
1.9 Low
CVSS2
Связанные уязвимости
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mai ...
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
EPSS
1.9 Low
CVSS2