CVE-2008-2937

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-08-18 19:41

Updated : 2024-02-28 11:21


NVD link : CVE-2008-2937

Mitre link : CVE-2008-2937

CVE.ORG link : CVE-2008-2937


JSON object : View

Products Affected

postfix

  • postfix
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor