Mail Transfer Agent Vulnerability in Postfix by IBM
CVE-2008-2937

Currently unrated

Key Information:

Vendor: Postfix
Status: Postfix
Vendor: CVE Published:; 18 August 2008

What is CVE-2008-2937?

Postfix, an open-source mail transfer agent, has a vulnerability that permits local users to access confidential email messages. Specifically, versions prior to 2.5.4 and 2.6-20080814 allow messages to be delivered to a mailbox file not owned by the designated recipient. This flaw enables an attacker to create a mailbox file that corresponds to another user's account name, leading to potential unauthorized access to sensitive emails and personal information.

References

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://secunia.com/advisories/32231

third-party-advisoryx_refsource_SECUNIA

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2008
Vulnerability Reserved
Jun 30, 2008

CVE-2008-2937 Data

JSON