Test ID:	1.3.6.1.4.1.25623.1.0.122561
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2008-0839)
Summary:	The remote host is missing an update for the 'postfix' package(s) announced via the ELSA-2008-0839 advisory.
Description:	Summary: The remote host is missing an update for the 'postfix' package(s) announced via the ELSA-2008-0839 advisory. Vulnerability Insight: [2.3.3-2.1] - fixed postfix privilege problem with symlinks in the mail spool directory (CVE-2008-2936) Resolves: rhbz#456717 Affected Software/OS: 'postfix' package(s) on Oracle Linux 3, Oracle Linux 4, Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2936 1020700 http://www.securitytracker.com/id?1020700 20080814 Postfix local privilege escalation via hardlinked symlinks http://www.securityfocus.com/archive/1/495474/100/0/threaded 20080821 rPSA-2008-0259-1 postfix http://www.securityfocus.com/archive/1/495632/100/0/threaded 20080831 PoCfix (PoC for Postfix local root vuln - CVE-2008-2936) http://www.securityfocus.com/archive/1/495882/100/0/threaded 30691 http://www.securityfocus.com/bid/30691 31469 http://secunia.com/advisories/31469 31474 http://secunia.com/advisories/31474 31477 http://secunia.com/advisories/31477 31485 http://secunia.com/advisories/31485 31500 http://secunia.com/advisories/31500 31530 http://secunia.com/advisories/31530 32231 http://secunia.com/advisories/32231 4160 http://securityreason.com/securityalert/4160 6337 https://www.exploit-db.com/exploits/6337 ADV-2008-2385 http://www.vupen.com/english/advisories/2008/2385 DSA-1629 http://www.debian.org/security/2008/dsa-1629 FEDORA-2008-8593 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html FEDORA-2008-8595 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html GLSA-200808-12 http://security.gentoo.org/glsa/glsa-200808-12.xml MDVSA-2008:171 http://www.mandriva.com/security/advisories?name=MDVSA-2008:171 RHSA-2008:0839 http://www.redhat.com/support/errata/RHSA-2008-0839.html SUSE-SA:2008:040 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html USN-636-1 https://usn.ubuntu.com/636-1/ VU#938323 http://www.kb.cert.org/vuls/id/938323 [postfix-announce] 20080814 Postfix local privilege escalation via hardlinked symlinks http://article.gmane.org/gmane.mail.postfix.announce/110 ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY http://wiki.rpath.com/Advisories:rPSA-2008-0259 https://issues.rpath.com/browse/RPL-2689 oval:org.mitre.oval:def:10033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033 postfix-symlink-code-execution(44460) https://exchange.xforce.ibmcloud.com/vulnerabilities/44460
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.