Linux Security Forum
 
  

Go Back   Linux Security Forum > Linux Security > New Exploits
Reload this Page Ubuntu - postfix
Register Blogs FAQ Members List Calendar Search Today's Posts Mark Forums Read

Notices
Welcome to the Linux Security Forum.

This forum is dedicated to the discussion of Linux security, security software, website security, and network security. Feel free to ask questions about Linux related security issues. You will also find articles on Linux security topics, and notifications of new exploits for common Linux packages. Be sure to register for the forum, and you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join the Linux Security Forum community today!

If you have any problems with the registration process or your account login, please contact contact us.

New Exploits Details on new exploits affecting common Linux distributions will be listed here

Reply
 
Thread Tools
  #1  
Old 08-20-2008
drendeah drendeah is offline
Super Moderator
  
Join Date: Jul 2008
Posts: 294
Blog Entries: 1
Rep Power: 101
drendeah has a reputation beyond reputedrendeah has a reputation beyond reputedrendeah has a reputation beyond reputedrendeah has a reputation beyond reputedrendeah has a reputation beyond reputedrendeah has a reputation beyond reputedrendeah has a reputation beyond reputedrendeah has a reputation beyond reputedrendeah has a reputation beyond reputedrendeah has a reputation beyond reputedrendeah has a reputation beyond repute
Default Ubuntu - postfix
================================================== =========
Ubuntu Security Notice USN-636-1 August 19, 2008
postfix vulnerability
CVE-2008-2936
================================================== =========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
postfix 2.2.10-1ubuntu0.2

Ubuntu 7.04:
postfix 2.3.8-2ubuntu0.2

Ubuntu 7.10:
postfix 2.4.5-3ubuntu1.2

Ubuntu 8.04 LTS:
postfix 2.5.1-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user.
The default Ubuntu configuration was not vulnerable.
Reply With Quote
  #2  
Old 10-02-2008
ramesh.mimit ramesh.mimit is offline
Newbie
  
Join Date: Oct 2008
Posts: 8
Rep Power: 0
ramesh.mimit is on a distinguished road
Default Re: Ubuntu - postfix
thanks for posting the thread as i currenty using ubuntu 8.04 postfix on my production server..
Reply With Quote
Sponsored Links
Reply

Bookmarks

Tags
postfix, ubuntu

« Previous Thread | Next Thread »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 01:31 PM.

Contact Us - Linux Security Forum - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Advertisement System V2.3 By   Branden