English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 150599 CVE Beschreibungen
und 73533 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1629-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
August 18, 2008                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : postfix
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-2936

Sebastian Krahmer discovered that Postfix, a mail transfer agent,
incorrectly checks the ownership of a mailbox. In some configurations,
this allows for appending data to arbitrary files as root.

The default Debian installation of Postfix is not affected. Only a
configuration meeting the following requirements is vulnerable:
 * The mail delivery style is mailbox, with the Postfix built-in
   local(8) or virtual(8) delivery agents.
 * The mail spool directory is user-writeable.
 * The user can create hardlinks pointing to root-owned symlinks
   located in other directories.

For a detailed treating of this issue, please refer to the upstream
author's announcement:
http://article.gmane.org/gmane.mail.postfix.announce/110

For the stable distribution (etch), this problem has been fixed in
version 2.3.8-2etch1.

For the testing distribution (lenny), this problem has been fixed in
version 2.5.2-2lenny1.

For the unstable distribution (sid), this problem has been fixed
in version 2.5.4-1.

We recommend that you upgrade your postfix package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8.orig.tar.gz
    Size/MD5 checksum:  2787761 a6c560657788fc7a5444fa9ea32f5513
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1.diff.gz
    Size/MD5 checksum:   177462 0827e61a7033e8625d92123c84b32782
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1.dsc
    Size/MD5 checksum:      907 8e9f0c462c57eb2be521714404474aca

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/postfix/postfix-dev_2.3.8-2etch1_all.deb
    Size/MD5 checksum:   130818 5038e376db1c661eb0284f96dff4761a
  http://security.debian.org/pool/updates/main/p/postfix/postfix-doc_2.3.8-2etch1_all.deb
    Size/MD5 checksum:   785408 5db9bdc0300637afd3d508afe2c261dc

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_alpha.deb
    Size/MD5 checksum:  1188364 c8c7f45763ccfd74b84335ea073c551c
  http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_alpha.deb
    Size/MD5 checksum:    36556 fcb1c6262baed1402032c2105b83d059
  http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_alpha.deb
    Size/MD5 checksum:    38746 a0d1334395beda433d586b63b0d60b80
  http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_alpha.deb
    Size/MD5 checksum:    43408 d9e830efc4532ccddc46f394232959a6
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_alpha.deb
    Size/MD5 checksum:    38596 855c8573280d5b191a12175b2e7afe8c
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_alpha.deb
    Size/MD5 checksum:    38928 579217f55db12977c61b8d437f3ab436

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_amd64.deb
    Size/MD5 checksum:    38318 24205dd0481bb1d78684167d8d20f44f
  http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_amd64.deb
    Size/MD5 checksum:    38338 50a46f34f638ea42525b98ca985b4f11
  http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_amd64.deb
    Size/MD5 checksum:    43268 a24dd35f2ec288c2c4f674099e44385f
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_amd64.deb
    Size/MD5 checksum:  1148848 f27f053dffd95b730f1186ed37ed8673
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_amd64.deb
    Size/MD5 checksum:    38460 907b2a8d84a54cdf31ade8c201d3780a
  http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_amd64.deb
    Size/MD5 checksum:    36378 1ab120583bcc5873a5350d9786282eab

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_arm.deb
    Size/MD5 checksum:    42742 2d6799c7726a3943a39939baebacdc98
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_arm.deb
    Size/MD5 checksum:    38324 6acd31d6ce0200fdd49043c99459c4c8
  http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_arm.deb
    Size/MD5 checksum:    38394 52628e6399391671a8512ed25739813c
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_arm.deb
    Size/MD5 checksum:    38592 1db4a21bb2c6f135e342b65317ecb897
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_arm.deb
    Size/MD5 checksum:  1080626 3e05804bf0bf7101ae3e4eec33d1524f
  http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_arm.deb
    Size/MD5 checksum:    36378 71361b9cd3c008a9e96e8c23866b1a80

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_hppa.deb
    Size/MD5 checksum:    37504 76b3b4785a5e91fc1010ce32ccee31ed
  http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_hppa.deb
    Size/MD5 checksum:    45296 73bc72e54d6ef6909fd3df4266061d7b
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_hppa.deb
    Size/MD5 checksum:    40138 807908ccb69444d9aa1917861dc51af9
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_hppa.deb
    Size/MD5 checksum:  1174040 44260c5be83cd1d051de22c155aee72a
  http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_hppa.deb
    Size/MD5 checksum:    39814 547026b4994dfbf216be7f9ee0487054
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_hppa.deb
    Size/MD5 checksum:    39624 69209a3695bb1568f8c11e6ab4bb792d

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_i386.deb
    Size/MD5 checksum:    36514 2c10b797c15b02828b344693d4f9c597
  http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_i386.deb
    Size/MD5 checksum:    38680 d1beb196bcc090457a791760b5e7bdfd
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_i386.deb
    Size/MD5 checksum:    38354 d074798f79b42bd245e13b8ce0f3adef
  http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_i386.deb
    Size/MD5 checksum:    43160 40cc3fc2fc6374a07893321c2758a447
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_i386.deb
    Size/MD5 checksum:    38770 d97f22246f4cb6cb48e4c993ad37daac
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_i386.deb
    Size/MD5 checksum:  1092656 30352104ad6fad91f13b996483e52e5b

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_ia64.deb
    Size/MD5 checksum:    37958 d3628d8f8d4fa6cc760ef77e21acb468
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_ia64.deb
    Size/MD5 checksum:    40762 6c5dcb7f2d6196ddf23a8e6d7b9e5f10
  http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_ia64.deb
    Size/MD5 checksum:    47878 bb8188e31d1a632164d1bb5dda88a810
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_ia64.deb
    Size/MD5 checksum:  1439608 cfc2f5db48f0f6bcc8ddb3e85a4032d6
  http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_ia64.deb
    Size/MD5 checksum:    40766 59cd143a5727868aaae30f309286a433
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_ia64.deb
    Size/MD5 checksum:    41066 385bf68a76cd27e12e012bf535a841e0

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_mips.deb
    Size/MD5 checksum:    38194 014b70898f5aae21a95877c4e32f9941
  http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_mips.deb
    Size/MD5 checksum:    36186 7c957d531808b35bd6994aeea448e213
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_mips.deb
    Size/MD5 checksum:    38188 29a16989a6414ed3722f1422f46d9cd2
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_mips.deb
    Size/MD5 checksum:    38446 0dc8cfc6f527161b8b4ce16dd8b297c6
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_mips.deb
    Size/MD5 checksum:  1129132 4e6a95c1f4040b7b24ac18ab80455d4d
  http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_mips.deb
    Size/MD5 checksum:    42376 af1d25a56c756443db89f6aa6a7bbb38

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_powerpc.deb
    Size/MD5 checksum:    37738 ee3c0924d5deb0d61741c9497156c0bf
  http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_powerpc.deb
    Size/MD5 checksum:    44218 6ade57e38f9948016b71e6373f6f1863
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_powerpc.deb
    Size/MD5 checksum:    39670 6a6597cfb2a225d05963a149386d8fcc
  http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_powerpc.deb
    Size/MD5 checksum:    39774 3979adcff1c659588beb2e65c5ddb4d3
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_powerpc.deb
    Size/MD5 checksum:  1167716 45d3590893a6b4c3efc99780508f92e1
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_powerpc.deb
    Size/MD5 checksum:    39966 7acc51d59c4c640b8c4963c09c573356

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_s390.deb
    Size/MD5 checksum:    38752 56864ace555741a8e580ac9cdad129c3
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_s390.deb
    Size/MD5 checksum:  1154368 f62e41e9b4d18eaaf76d0096370ceb1f
  http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_s390.deb
    Size/MD5 checksum:    36562 9deaaf037d9694a5a09f01743c687a52
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_s390.deb
    Size/MD5 checksum:    38360 6191ba334c80aa5e4dd12df40781c96d
  http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_s390.deb
    Size/MD5 checksum:    43310 9a73eaee5cfd0b3656976a36c256e676
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_s390.deb
    Size/MD5 checksum:    38918 570c0d157fd6b6b4102122a965d3e6f6

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_sparc.deb
    Size/MD5 checksum:    38198 6ca537558089e41ebbdea7c90f2e4fd4
  http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_sparc.deb
    Size/MD5 checksum:    37906 746615a2cc165a0fcb5aff5be073e289
  http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_sparc.deb
    Size/MD5 checksum:    38058 ac84629509e45bf424752e4852e175e1
  http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_sparc.deb
    Size/MD5 checksum:    36106 55d00480a61daa52578d69081a4e93a6
  http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_sparc.deb
    Size/MD5 checksum:  1080776 87ff76ea63ba069b769b3491fac51670
  http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_sparc.deb
    Size/MD5 checksum:    42910 767373c92a53b62640e69b16749f1fcc


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSKngTmz0hbPcukPfAQKcCgf/RVacZ4VuJKLKuo72HbqHnG/lnOKGOkPV
R1MjmIljkTRXn5WUJD/0ixAt0UuF1lMMtEV+bNSulMbAxKstLfXOreupPN7fwZ+F
bCoUX2YuibzzMb6sXr5LAgQBOjOQ1jDXoCRFTF7FGdMpPsL8f1rn3M4dC59Sxst3
mL7q6Dw4OZKXmQa1cTnVv7GRWgSmOkKGrUsqeHN5E4TC83qdbPmZOyFK/zo+ZvP8
CIuISq0uP5ULr0u+ajaxlDHiY9FpExmpMK7QJoOryxZ5DUdyEt4AsSt4ypKF7jqP
mPAnlgUwZG227a5Pp0kvjNlR+QrxV3JH/+mDA0HBAy3CpF2QSXT4Dw==
=1YVg
-----END PGP SIGNATURE-----

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde

© 1998-2019 E-Soft Inc. Alle Rechte vorbehalten.