Test Kennung:	1.3.6.1.4.1.25623.1.0.61445
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 200808-12 (postfix)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 200808-12.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 200808-12. Vulnerability Insight: Postfix incorrectly checks the ownership of a mailbox, allowing, in certain circumstances, to append data to arbitrary files on a local system with root privileges. Solution: All Postfix users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.5.3-r1' CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2936 1020700 http://www.securitytracker.com/id?1020700 20080814 Postfix local privilege escalation via hardlinked symlinks http://www.securityfocus.com/archive/1/495474/100/0/threaded 20080821 rPSA-2008-0259-1 postfix http://www.securityfocus.com/archive/1/495632/100/0/threaded 20080831 PoCfix (PoC for Postfix local root vuln - CVE-2008-2936) http://www.securityfocus.com/archive/1/495882/100/0/threaded 30691 http://www.securityfocus.com/bid/30691 31469 http://secunia.com/advisories/31469 31474 http://secunia.com/advisories/31474 31477 http://secunia.com/advisories/31477 31485 http://secunia.com/advisories/31485 31500 http://secunia.com/advisories/31500 31530 http://secunia.com/advisories/31530 32231 http://secunia.com/advisories/32231 4160 http://securityreason.com/securityalert/4160 6337 https://www.exploit-db.com/exploits/6337 ADV-2008-2385 http://www.vupen.com/english/advisories/2008/2385 DSA-1629 http://www.debian.org/security/2008/dsa-1629 FEDORA-2008-8593 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html FEDORA-2008-8595 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html GLSA-200808-12 http://security.gentoo.org/glsa/glsa-200808-12.xml MDVSA-2008:171 http://www.mandriva.com/security/advisories?name=MDVSA-2008:171 RHSA-2008:0839 http://www.redhat.com/support/errata/RHSA-2008-0839.html SUSE-SA:2008:040 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html USN-636-1 https://usn.ubuntu.com/636-1/ VU#938323 http://www.kb.cert.org/vuls/id/938323 [postfix-announce] 20080814 Postfix local privilege escalation via hardlinked symlinks http://article.gmane.org/gmane.mail.postfix.announce/110 ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY http://wiki.rpath.com/Advisories:rPSA-2008-0259 https://issues.rpath.com/browse/RPL-2689 oval:org.mitre.oval:def:10033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033 postfix-symlink-code-execution(44460) https://exchange.xforce.ibmcloud.com/vulnerabilities/44460 Common Vulnerability Exposure (CVE) ID: CVE-2008-2937 MDVSA-2009:224 http://www.mandriva.com/security/advisories?name=MDVSA-2009:224 RHSA-2011:0422 http://www.redhat.com/support/errata/RHSA-2011-0422.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 postfix-email-information-disclosure(44461) https://exchange.xforce.ibmcloud.com/vulnerabilities/44461
Copyright	Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.