Vulnerability-Lookup

CVE-2008-2937 (GCVE-0-2008-2937)

Vulnerability from cvelistv5 – Published: 2008-08-18 19:00 – Updated: 2024-08-07 09:21

Summary

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/32231	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	ftp://ftp.porcupine.org/mirrors/postfix-release/o…	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://issues.rpath.com/browse/RPL-2689	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/495632/100…	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/30691	vdb-entryx_refsource_BID
	http://wiki.rpath.com/Advisories:rPSA-2008-0259	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2011-04…	vendor-advisoryx_refsource_REDHAT
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	ftp://ftp.porcupine.org/mirrors/postfix-release/e…	x_refsource_CONFIRM
	http://secunia.com/advisories/31500	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/31477	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/31485	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/2385	vdb-entryx_refsource_VUPEN
	http://security.gentoo.org/glsa/glsa-200808-12.xml	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:34.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2008-8595",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
          },
          {
            "name": "32231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32231"
          },
          {
            "name": "MDVSA-2009:224",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
          },
          {
            "name": "FEDORA-2008-8593",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2689"
          },
          {
            "name": "20080821 rPSA-2008-0259-1 postfix",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
          },
          {
            "name": "postfix-email-information-disclosure(44461)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
          },
          {
            "name": "30691",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30691"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
          },
          {
            "name": "SUSE-SA:2008:040",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
          },
          {
            "name": "RHSA-2011:0422",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
          },
          {
            "name": "31500",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31500"
          },
          {
            "name": "31477",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31477"
          },
          {
            "name": "31485",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31485"
          },
          {
            "name": "ADV-2008-2385",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2385"
          },
          {
            "name": "GLSA-200808-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2008-8595",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
        },
        {
          "name": "32231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32231"
        },
        {
          "name": "MDVSA-2009:224",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
        },
        {
          "name": "FEDORA-2008-8593",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2689"
        },
        {
          "name": "20080821 rPSA-2008-0259-1 postfix",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
        },
        {
          "name": "postfix-email-information-disclosure(44461)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
        },
        {
          "name": "30691",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30691"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
        },
        {
          "name": "SUSE-SA:2008:040",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
        },
        {
          "name": "RHSA-2011:0422",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
        },
        {
          "name": "31500",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31500"
        },
        {
          "name": "31477",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31477"
        },
        {
          "name": "31485",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31485"
        },
        {
          "name": "ADV-2008-2385",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2385"
        },
        {
          "name": "GLSA-200808-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-2937",
    "datePublished": "2008-08-18T19:00:00.000Z",
    "dateReserved": "2008-06-30T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:21:34.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2008-2937

Vulnerability from fkie_nvd - Published: 2008-08-18 19:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY
secalert@redhat.com	ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY
secalert@redhat.com	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html
secalert@redhat.com	http://secunia.com/advisories/31477
secalert@redhat.com	http://secunia.com/advisories/31485	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/31500	Patch, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32231
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200808-12.xml
secalert@redhat.com	http://wiki.rpath.com/Advisories:rPSA-2008-0259
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:224
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-0422.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/495632/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/30691	Patch
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2385
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/44461
secalert@redhat.com	https://issues.rpath.com/browse/RPL-2689
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31477
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31485	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31500	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32231
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200808-12.xml
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2008-0259
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:224
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0422.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495632/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30691	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2385
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44461
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-2689
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html

Impacted products

Vendor	Product	Version
postfix	postfix	2.5.0
postfix	postfix	2.5.1
postfix	postfix	2.5.2
postfix	postfix	2.5.3
postfix	postfix	2.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA31260C-1C67-4E76-9F56-2359BFA0B197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCD5258B-C9DE-47BD-9172-27618F220201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5B3F710-13EF-4A36-B191-E0FCC1D98E23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name."
    },
    {
      "lang": "es",
      "value": "Postfix 2.5 anterior a 2.5.4 y 2.6 anterior a 2.6-20080814 env\u00eda a un archivo buz\u00f3n incluso cuando este archivo no es propiedad del receptor, lo que permite a usuarios locales leer mensajes de correo creando un archivo buz\u00f3n correspondiente con el nombre de cuenta de otro usuario."
    }
  ],
  "evaluatorComment": "Please refer to the following links for additional version information (vendor release notes):\r\n\r\nPostfix 2.5 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.5.4.RELEASE_NOTES\r\n\r\nPostfix 2.6 - ftp://mirrors.loonybin.net/pub/postfix/experimental/postfix-2.6-20080814.RELEASE_NOTES",
  "id": "CVE-2008-2937",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-18T19:41:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
    },
    {
      "source": "secalert@redhat.com",
      "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31477"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31485"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31500"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32231"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/30691"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2385"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-2689"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/30691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=456347\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/",
      "lastModified": "2008-08-19T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-44WX-MCWC-XFG9

Vulnerability from github – Published: 2022-05-03 03:19 – Updated: 2022-05-03 03:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2937"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-08-18T19:41:00Z",
    "severity": "LOW"
  },
  "details": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name.",
  "id": "GHSA-44wx-mcwc-xfg9",
  "modified": "2022-05-03T03:19:19Z",
  "published": "2022-05-03T03:19:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2937"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-2689"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31477"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31485"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31500"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32231"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30691"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2385"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2015-AVI-431

Vulnerability from certfr_avis - Published: 2015-10-15 - Updated: 2015-10-15

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	QFabric 3100 Director versions 12.x
N/A	N/A	ScreenOS
N/A	N/A	CTPView 7.0R3
Juniper Networks	Junos OS	Juniper Junos OS

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10694 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10700 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10703 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10708 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10705 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10706 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10695 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10699 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10697 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10707 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10702 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10704 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10696 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10701 du 14 octobre 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QFabric 3100 Director versions 12.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ScreenOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView 7.0R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
    },
    {
      "name": "CVE-2011-2483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
    },
    {
      "name": "CVE-2013-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1667"
    },
    {
      "name": "CVE-2012-3417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3417"
    },
    {
      "name": "CVE-2014-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2014-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
    },
    {
      "name": "CVE-2014-8867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8867"
    },
    {
      "name": "CVE-2015-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1793"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2009-3490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3490"
    },
    {
      "name": "CVE-2012-0866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0866"
    },
    {
      "name": "CVE-2010-3433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3433"
    },
    {
      "name": "CVE-2012-5526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5526"
    },
    {
      "name": "CVE-2010-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1447"
    },
    {
      "name": "CVE-2014-0061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
    },
    {
      "name": "CVE-2009-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
    },
    {
      "name": "CVE-2007-6067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6067"
    },
    {
      "name": "CVE-2010-0826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0826"
    },
    {
      "name": "CVE-2014-8159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8159"
    },
    {
      "name": "CVE-2010-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
    },
    {
      "name": "CVE-2013-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
    },
    {
      "name": "CVE-2015-1158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2010-4352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4352"
    },
    {
      "name": "CVE-2015-7749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7749"
    },
    {
      "name": "CVE-2011-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
    },
    {
      "name": "CVE-2010-1168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1168"
    },
    {
      "name": "CVE-2009-1189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
    },
    {
      "name": "CVE-2014-6450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6450"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2008-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
    },
    {
      "name": "CVE-2012-2697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2697"
    },
    {
      "name": "CVE-2013-2566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
    },
    {
      "name": "CVE-2011-1081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1081"
    },
    {
      "name": "CVE-2009-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
    },
    {
      "name": "CVE-2012-3488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3488"
    },
    {
      "name": "CVE-2015-5361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5361"
    },
    {
      "name": "CVE-2013-6435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6435"
    },
    {
      "name": "CVE-2010-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
    },
    {
      "name": "CVE-2012-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2014-6449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6449"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2014-6451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6451"
    },
    {
      "name": "CVE-2012-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6329"
    },
    {
      "name": "CVE-2014-4345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4345"
    },
    {
      "name": "CVE-2008-5302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
    },
    {
      "name": "CVE-2013-6629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6629"
    },
    {
      "name": "CVE-2014-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
    },
    {
      "name": "CVE-2013-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
    },
    {
      "name": "CVE-2012-0868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
    },
    {
      "name": "CVE-2007-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4476"
    },
    {
      "name": "CVE-2010-4410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2015-7752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7752"
    },
    {
      "name": "CVE-2010-0407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
    },
    {
      "name": "CVE-2014-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
    },
    {
      "name": "CVE-2014-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
    },
    {
      "name": "CVE-2007-4772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4772"
    },
    {
      "name": "CVE-2013-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0292"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2008-5303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
    },
    {
      "name": "CVE-2015-1159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
    },
    {
      "name": "CVE-2011-2200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2200"
    },
    {
      "name": "CVE-2015-7748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7748"
    },
    {
      "name": "CVE-2015-7750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7750"
    },
    {
      "name": "CVE-2015-7751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7751"
    },
    {
      "name": "CVE-2011-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
    },
    {
      "name": "CVE-2008-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3834"
    },
    {
      "name": "CVE-2010-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0624"
    },
    {
      "name": "CVE-2014-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
    },
    {
      "name": "CVE-2011-1025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1025"
    },
    {
      "name": "CVE-2014-6448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6448"
    },
    {
      "name": "CVE-2011-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
    },
    {
      "name": "CVE-2010-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
    },
    {
      "name": "CVE-2009-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1185"
    },
    {
      "name": "CVE-2009-4901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
    },
    {
      "name": "CVE-2010-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1172"
    },
    {
      "name": "CVE-2010-4530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4530"
    },
    {
      "name": "CVE-2011-1024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1024"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2014-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
    },
    {
      "name": "CVE-1999-0524",
      "url": "https://www.cve.org/CVERecord?id=CVE-1999-0524"
    },
    {
      "name": "CVE-2010-4015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4015"
    },
    {
      "name": "CVE-2011-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0002"
    },
    {
      "name": "CVE-2009-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
    },
    {
      "name": "CVE-2009-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3736"
    },
    {
      "name": "CVE-2015-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
    },
    {
      "name": "CVE-2012-2143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
    },
    {
      "name": "CVE-2014-0066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
    },
    {
      "name": "CVE-2010-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
    }
  ],
  "initial_release_date": "2015-10-15T00:00:00",
  "last_revision_date": "2015-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-431",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10694 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10700 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10703 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10703\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10708 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10708\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10705 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10706 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10706\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10695 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10699 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10697 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10707 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10707\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10702 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10704 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10696 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10701 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10701\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTA-2008-AVI-420

Vulnerability from certfr_avis - Published: 2008-08-19 - Updated: 2008-08-19

Deux vulnérabilités dans Postfix permettent à un utilisateur malveillant d'élever ses privilèges et de porter atteinte à l'intégrité et à la confidentialité de données.

Description

Le support des liens sur certains systèmes d'exploitation permet à un utilisateur malveillant de modifier des fichiers ne lui appartenant pas ou d'élever ses privilèges par la construction de liens et l'envoi de messages.

Un défaut de vérification des droits sur les boîtes aux lettres permet à un utilisateur malintentionné de lire des courriels qui ne lui sont pas destinés.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Postfix dans les version suivantes :

branche 2.3, avant la version 2.3.15 ;
branche 2.4, avant la version 2.4.8 ;
branche 2.5, avant la version 2.5.4 ;
branche 2.6, avant la version 2.6-20080814.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

CVE-2008-2936 et CVE-2008-2937	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2008:0839 du 14 août 2008 :	-	other
Bulletin de sécurité Gentoo GLSA-200808-12 du 14 août 2008 :	-	other
Bulletin de sécurité OpenSuse SUSE-SA:2008:040 du 14 août 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003ePostfix dans les version suivantes :  \u003cUL\u003e    \u003cLI\u003ebranche 2.3, avant la version 2.3.15 ;\u003c/LI\u003e    \u003cLI\u003ebranche 2.4, avant la version 2.4.8 ;\u003c/LI\u003e    \u003cLI\u003ebranche 2.5, avant la version 2.5.4 ;\u003c/LI\u003e    \u003cLI\u003ebranche 2.6, avant la version 2.6-20080814.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nLe support des liens sur certains syst\u00e8mes d\u0027exploitation permet \u00e0 un\nutilisateur malveillant de modifier des fichiers ne lui appartenant pas\nou d\u0027\u00e9lever ses privil\u00e8ges par la construction de liens et l\u0027envoi de\nmessages.\n\nUn d\u00e9faut de v\u00e9rification des droits sur les bo\u00eetes aux lettres permet \u00e0\nun utilisateur malintentionn\u00e9 de lire des courriels qui ne lui sont pas\ndestin\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
    },
    {
      "name": "CVE-2008-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2936"
    }
  ],
  "initial_release_date": "2008-08-19T00:00:00",
  "last_revision_date": "2008-08-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0839 du 14 ao\u00fbt 2008    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0839.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200808-12 du 14 ao\u00fbt 2008    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200808-12.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSuse SUSE-SA:2008:040 du 14 ao\u00fbt    2008 :",
      "url": "http://lists.opensuse-security-announce/2008-08/msg00002.html"
    }
  ],
  "reference": "CERTA-2008-AVI-420",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-08-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans Postfix permettent \u00e0 un utilisateur malveillant\nd\u0027\u00e9lever ses privil\u00e8ges et de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la\nconfidentialit\u00e9 de donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de Postfix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "CVE-2008-2936 et CVE-2008-2937",
      "url": null
    }
  ]
}

GSD-2008-2937

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-2937

Aliases

CVE-2008-2937

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2937",
    "description": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name.",
    "id": "GSD-2008-2937",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-2937.html",
      "https://access.redhat.com/errata/RHSA-2011:0422",
      "https://linux.oracle.com/cve/CVE-2008-2937.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2937"
      ],
      "details": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name.",
      "id": "GSD-2008-2937",
      "modified": "2023-12-13T01:23:00.761986Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-2937",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
            "refsource": "MISC",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY",
            "refsource": "MISC",
            "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
          },
          {
            "name": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY",
            "refsource": "MISC",
            "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
          },
          {
            "name": "http://secunia.com/advisories/31477",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/31477"
          },
          {
            "name": "http://secunia.com/advisories/31485",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/31485"
          },
          {
            "name": "http://secunia.com/advisories/31500",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/31500"
          },
          {
            "name": "http://secunia.com/advisories/32231",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32231"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200808-12.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0259",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/495632/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/30691",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/30691"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/2385",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/2385"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-2689",
            "refsource": "MISC",
            "url": "https://issues.rpath.com/browse/RPL-2689"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-0422.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-2937"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
            },
            {
              "name": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
            },
            {
              "name": "SUSE-SA:2008:040",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
            },
            {
              "name": "30691",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/30691"
            },
            {
              "name": "31485",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31485"
            },
            {
              "name": "31500",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31500"
            },
            {
              "name": "31477",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31477"
            },
            {
              "name": "GLSA-200808-12",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2689",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-2689"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0259",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
            },
            {
              "name": "FEDORA-2008-8595",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
            },
            {
              "name": "32231",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32231"
            },
            {
              "name": "FEDORA-2008-8593",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
            },
            {
              "name": "MDVSA-2009:224",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
            },
            {
              "name": "ADV-2008-2385",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2385"
            },
            {
              "name": "RHSA-2011:0422",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "postfix-email-information-disclosure(44461)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
            },
            {
              "name": "20080821 rPSA-2008-0259-1 postfix",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:45Z",
      "publishedDate": "2008-08-18T19:41Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2937 (GCVE-0-2008-2937)

FKIE_CVE-2008-2937

GHSA-44WX-MCWC-XFG9

CERTFR-2015-AVI-431

Solution

CERTA-2008-AVI-420

Description

Solution

GSD-2008-2937

Tags

Sightings

Nomenclature