CVE-2008-2937

{"id": "CVE-2008-2937", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-08-18T19:41:00.000", "references": [{"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY", "source": "secalert@redhat.com"}, {"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY", "source": "secalert@redhat.com"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/31477", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/31485", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/31500", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/32231", "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200808-12.xml", "source": "secalert@redhat.com"}, {"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/30691", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2008/2385", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461", "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-2689", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html", "source": "secalert@redhat.com"}, {"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/31477", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/31485", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/31500", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32231", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-200808-12.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/30691", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/2385", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.rpath.com/browse/RPL-2689", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name."}, {"lang": "es", "value": "Postfix 2.5 anterior a 2.5.4 y 2.6 anterior a 2.6-20080814 env\u00eda a un archivo buz\u00f3n incluso cuando este archivo no es propiedad del receptor, lo que permite a usuarios locales leer mensajes de correo creando un archivo buz\u00f3n correspondiente con el nombre de cuenta de otro usuario."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA31260C-1C67-4E76-9F56-2359BFA0B197"}, {"criteria": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD"}, {"criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0"}, {"criteria": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCD5258B-C9DE-47BD-9172-27618F220201"}, {"criteria": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5B3F710-13EF-4A36-B191-E0FCC1D98E23"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=456347\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/", "lastModified": "2008-08-19T00:00:00", "organization": "Red Hat"}], "evaluatorComment": "Please refer to the following links for additional version information (vendor release notes):\r\n\r\nPostfix 2.5 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.5.4.RELEASE_NOTES\r\n\r\nPostfix 2.6 - ftp://mirrors.loonybin.net/pub/postfix/experimental/postfix-2.6-20080814.RELEASE_NOTES", "sourceIdentifier": "secalert@redhat.com"}