Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-08-18 19:41
Updated : 2024-02-28 11:21
NVD link : CVE-2008-2937
Mitre link : CVE-2008-2937
CVE.ORG link : CVE-2008-2937
JSON object : View
Products Affected
postfix
- postfix
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor