Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1629-1] New postfix packages fix privilege escalation (

From Thijs Kinkhorst@1:229/2 to All on Mon Aug 18 23:00:19 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1629-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
August 18, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : postfix
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-2936

Sebastian Krahmer discovered that Postfix, a mail transfer agent,
incorrectly checks the ownership of a mailbox. In some configurations,
this allows for appending data to arbitrary files as root.

The default Debian installation of Postfix is not affected. Only a configuration meeting the following requirements is vulnerable:
* The mail delivery style is mailbox, with the Postfix built-in
local(8) or virtual(8) delivery agents.
* The mail spool directory is user-writeable.
* The user can create hardlinks pointing to root-owned symlinks
located in other directories.

For a detailed treating of this issue, please refer to the upstream
author's announcement:
http://article.gmane.org/gmane.mail.postfix.announce/110

For the stable distribution (etch), this problem has been fixed in
version 2.3.8-2etch1.

For the testing distribution (lenny), this problem has been fixed in
version 2.5.2-2lenny1.

For the unstable distribution (sid), this problem has been fixed
in version 2.5.4-1.

We recommend that you upgrade your postfix package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8.orig.tar.gz
Size/MD5 checksum: 2787761 a6c560657788fc7a5444fa9ea32f5513
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1.diff.gz
Size/MD5 checksum: 177462 0827e61a7033e8625d92123c84b32782
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1.dsc
Size/MD5 checksum: 907 8e9f0c462c57eb2be521714404474aca

Architecture independent packages:

http://security.debian.org/pool/updates/main/p/postfix/postfix-dev_2.3.8-2etch1_all.deb
Size/MD5 checksum: 130818 5038e376db1c661eb0284f96dff4761a
http://security.debian.org/pool/updates/main/p/postfix/postfix-doc_2.3.8-2etch1_all.deb
Size/MD5 checksum: 785408 5db9bdc0300637afd3d508afe2c261dc

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_alpha.deb
Size/MD5 checksum: 1188364 c8c7f45763ccfd74b84335ea073c551c
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_alpha.deb
Size/MD5 checksum: 36556 fcb1c6262baed1402032c2105b83d059
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_alpha.deb
Size/MD5 checksum: 38746 a0d1334395beda433d586b63b0d60b80
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_alpha.deb
Size/MD5 checksum: 43408 d9e830efc4532ccddc46f394232959a6
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_alpha.deb
Size/MD5 checksum: 38596 855c8573280d5b191a12175b2e7afe8c
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_alpha.deb
Size/MD5 checksum: 38928 579217f55db12977c61b8d437f3ab436

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_amd64.deb
Size/MD5 checksum: 38318 24205dd0481bb1d78684167d8d20f44f
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_amd64.deb
Size/MD5 checksum: 38338 50a46f34f638ea42525b98ca985b4f11
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_amd64.deb
Size/MD5 checksum: 43268 a24dd35f2ec288c2c4f674099e44385f
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_amd64.deb
Size/MD5 checksum: 1148848 f27f053dffd95b730f1186ed37ed8673
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_amd64.deb
Size/MD5 checksum: 38460 907b2a8d84a54cdf31ade8c201d3780a
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_amd64.deb
Size/MD5 checksum: 36378 1ab120583bcc5873a5350d9786282eab

arm architecture (ARM)

http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_arm.deb
Size/MD5 checksum: 42742 2d6799c7726a3943a39939baebacdc98
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2etch1_arm.deb
Size/MD5 checksum: 38324 6acd31d6ce0200fdd49043c99459c4c8
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2etch1_arm.deb
Size/MD5 checksum: 38394 52628e6399391671a8512ed25739813c
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_arm.deb
Size/MD5 checksum: 38592 1db4a21bb2c6f135e342b65317ecb897
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_arm.deb
Size/MD5 checksum: 1080626 3e05804bf0bf7101ae3e4eec33d1524f
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_arm.deb
Size/MD5 checksum: 36378 71361b9cd3c008a9e96e8c23866b1a80

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2etch1_hppa.deb
Size/MD5 checksum: 37504 76b3b4785a5e91fc1010ce32ccee31ed
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2etch1_hppa.deb
Size/MD5 checksum: 45296 73bc72e54d6ef6909fd3df4266061d7b
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2etch1_hppa.deb
Size/MD5 checksum: 40138 807908ccb69444d9aa1917861dc51af9
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2etch1_hppa.deb
Size/MD5 checksum: 1174040 44260c5be83cd1d051de22c155aee72a

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sun Jun 7 03:07:26 2026
  from Sydney, Nsw via Telnet
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (0 / 16)
Uptime:	161:53:05
Calls:	12,094
Calls today:	2
Files:	15,000
Messages:	6,517,778

[SECURITY] [DSA 1629-1] New postfix packages fix privilege escalation (

Who's Online

Recent Visitors

System Info