.:[ packet storm ]:.
                               
four continents, one idea
four continents, one idea

 ///  File Name:glsa-200808-12.txt
Description:
Gentoo Linux Security Advisory GLSA 200808-12 - Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail to root-owned symlinks in an insecure manner under certain conditions. Normally, Postfix does not deliver mail to symlinks, except to root-owned symlinks, for compatibility with the systems using symlinks in /dev like Solaris. Furthermore, some systems like Linux allow to hardlink a symlink, while the POSIX.1-2001 standard requires that the symlink is followed. Depending on the write permissions and the delivery agent being used, this can lead to an arbitrary local file overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix delivery agent does not properly verify the ownership of a mailbox before delivering mail (CVE-2008-2937). Versions less than 2.5.3-r1 are affected.
Homepage:http://security.gentoo.org
File Size:5453
Related CVE(s):CVE-2008-2936, CVE-2008-2937
Last Modified:Aug 14 20:12:35 2008
MD5 Checksum:3d10d7b22f9734485a3dd000961d1cf5

 .:. Back
 

 ///  Last 10 Files
  1. :· DDIVRT-2008-15.txt
  2. :· openssh-cbc-adv.txt
  3. :· joomlathyme-sql.txt
  4. :· BitDefenderDOS.zip
  5. :· fwknop-1.9.9.tar.gz
  6. :· kvirc-exec.txt
  7. :· vcalendar-disclose.txt
  8. :· ZDI-08-076.txt
  9. :· ZDI-08-075.txt
  10. :· toursmanager-blindsql.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· DDIVRT-2008-15.txt
  2. :· openssh-cbc-adv.txt
  3. :· ZDI-08-076.txt
  4. :· ZDI-08-075.txt
  5. :· MDVSA-2008-233.txt
  6. :· SSRT080059.txt
  7. :· MDVSA-2008-220-1.txt
  8. :· MDVSA-2008-232.txt
  9. :· USN-674-1.txt
  10. :· dsa-1667-1.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· joomlathyme-sql.txt
  2. :· BitDefenderDOS.zip
  3. :· kvirc-exec.txt
  4. :· vcalendar-disclose.txt
  5. :· toursmanager-blindsql.txt
  6. :· phprsgal-sql.txt
  7. :· natterchat-sql.txt
  8. :· php526-bypass.txt
  9. :· phpfusion7001-sql.txt
  10. :· social-sql.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· fwknop-1.9.9.tar.gz
  2. :· pysumpas-0.2.0.tar.gz
  3. :· framework-3.2.tar.gz
  4. :· tor.uclibc.i686.20081115.iso
  5. :· RFIDIOt-Windows-0.1u.zip
  6. :· RFIDIOt-0.1u.tgz
  7. :· dps-v1.5.tar.gz
  8. :· smbrelay3.zip
  9. :· mptrey.tar.gz
  10. :· dotnetsploitsrc-1.0.zip
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· java2-malware.pdf
  2. :· return-to-libc-linux.txt
  3. :· stack-overflow-linux.txt
  4. :· smallest_setuid_execve_sc.c
  5. :· sudoers-shellcode.txt
  6. :· strongswan-4.2.9.tar.gz
  7. :· hodetector-shellcode.txt
  8. :· rtm-essential5.pdf
  9. :· unixasm-1.3.0.tar.gz
  10. :· bnd-networks.pdf
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice