
Test ID: 1.3.6.1.4.1.25623.1.0.61445
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 200808-12 (postfix)
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory GLSA 200808-12.

Postfix incorrectly checks the ownership of a mailbox, which in certain
circumstances allows data to be appended to arbitrary files on a local
system with root privileges.

Solution:
All Postfix users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.5.3-r1'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200808-12
http://bugs.gentoo.org/show_bug.cgi?id=232642
http://article.gmane.org/gmane.mail.postfix.announce/110

CVSS Score:
6.2

CVSS Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C

Cross-Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2008-2936
BugTraq ID: 30691
http://www.securityfocus.com/bid/30691
Bugtraq: 20080814 Postfix local privilege escalation via hardlinked symlinks
http://www.securityfocus.com/archive/1/495474/100/0/threaded
Bugtraq: 20080821 rPSA-2008-0259-1 postfix
http://www.securityfocus.com/archive/1/495632/100/0/threaded
Bugtraq: 20080831 PoCfix (PoC for Postfix local root vuln - CVE-2008-2936)
http://www.securityfocus.com/archive/1/495882/100/0/threaded
CERT/CC vulnerability note: VU#938323
http://www.kb.cert.org/vuls/id/938323
Debian Security Information: DSA-1629
http://www.debian.org/security/2008/dsa-1629
https://www.exploit-db.com/exploits/6337
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
http://security.gentoo.org/glsa/glsa-200808-12.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:171
http://article.gmane.org/gmane.mail.postfix.announce/110
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033
http://www.redhat.com/support/errata/RHSA-2008-0839.html
http://www.securitytracker.com/id?1020700
http://secunia.com/advisories/31469
http://secunia.com/advisories/31474
http://secunia.com/advisories/31477
http://secunia.com/advisories/31485
http://secunia.com/advisories/31500
http://secunia.com/advisories/31530
http://secunia.com/advisories/32231
http://securityreason.com/securityalert/4160
SuSE Security Announcement: SUSE-SA:2008:040
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html
https://usn.ubuntu.com/636-1/
http://www.vupen.com/english/advisories/2008/2385
XForce ISS Database: postfix-symlink-code-execution(44460)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44460
Common Vulnerability Exposure (CVE) ID: CVE-2008-2937
http://www.mandriva.com/security/advisories?name=MDVSA-2009:224
http://www.redhat.com/support/errata/RHSA-2011-0422.html
XForce ISS Database: postfix-email-information-disclosure(44461)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44461
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com





© 1998-2024 E-Soft Inc. All rights reserved.