Vigil@nce: SuSE, multiple vulnerabilities
August 2008 by Vigil@nce
SYNTHESIS
Several vulnerabilities has been discovered in Postfix.
Gravity: 2/4
Consequences: administrator access/rights
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 14/08/2008
Identifier: VIGILANCE-VUL-8032
IMPACTED PRODUCTS
– Novell Linux Desktop [confidential versions]
– Novell Open Enterprise Server [confidential versions]
– OpenSUSE [confidential versions]
– SUSE LINUX Enterprise Server [confidential versions]
DESCRIPTION
Postfix is a mail server. One of its vulnerabilities can be used
to obtain super-user privileges. [grav:2/4; CVE-2008-2936,
SUSE-SA:2008:040]
A Postfix vulnerability permit to a local user to read mail of
others users. [grav:2/4; SUSE-SA:2008:040]
CHARACTERISTICS
Identifiers: CVE-2008-2936, SUSE-SA:2008:040, VIGILANCE-VUL-8032