Login
Newsletter
Werbung

Sicherheit: Mangelnde Prüfung von Zugriffsrechten in postfix
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Zugriffsrechten in postfix
ID: USN-74-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10
Datum: Fr, 4. Februar 2005, 12:00
Referenzen: http://bugs.debian.org/267837
Applikationen: Postfix

Originalnachricht

===========================================================
Ubuntu Security Notice USN-74-1 February 04, 2005
postfix vulnerability
http://bugs.debian.org/267837
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postfix

The problem can be corrected by upgrading the affected package to
version 2.1.3-1ubuntu17.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling
code of Postfix when /proc/net/if_inet6 is not available (which is the
case in Ubuntu since Postfix runs in a chroot). If "permit_mx_backup"
was enabled in the "smtpd_recipient_restrictions", Postfix turned into
an open relay, i. e. erroneously permitted the delivery of arbitrary
mail to any MX host which has an IPv6 address.

Source archives:

postfix_2.1.3-1ubuntu17.1.diff.gz
Size/MD5: 411105 ebec5936210e45ace9340f8222d80b7c
postfix_2.1.3-1ubuntu17.1.dsc
Size/MD5: 864 07856f476ec0b61011def96d4516c118
postfix_2.1.3.orig.tar.gz
Size/MD5: 1971632 1f515b0d80cd1f9db0113240bf36f248

Architecture independent packages:

postfix-dev_2.1.3-1ubuntu17.1_all.deb
Size/MD5: 97046 79e78142e88c18575899580bf9b16ca0
postfix-doc_2.1.3-1ubuntu17.1_all.deb
Size/MD5: 643972 e2e331623971c0b0f45970586ff7a083

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

postfix-ldap_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 35436 4bbea082d8d7d5ac5b1ea6f7d6cf8fa0
postfix-mysql_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 31328 08e3729b757df658b99a56e50e9a9d5f
postfix-pcre_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 30904 7ea9aafc438c944ffcd18ae32805e660
postfix-pgsql_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 31636 ba7382b65df65cba401b2cb1ad051a68
postfix-tls_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 156534 b46680cedf669bd7ed9e90bd34d6ca91
postfix_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 820506 bb67674c0e0c5bde0be5e506596cb033

i386 architecture (x86 compatible Intel/AMD)

postfix-ldap_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 34718 959a134b3d0b74faa0b56ded62ed005b
postfix-mysql_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 30826 50142456894a4bc49447f83392257ef6
postfix-pcre_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 30538 bb84db9e33c6b8da8b0dd99603425587
postfix-pgsql_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 31098 606592256cfeda5aa28605185c44e66e
postfix-tls_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 143034 09192e5964ca3b7d237e4c476b0ffb53
postfix_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 763490 0160158cb855957e0176a006176eb8c0

powerpc architecture (Apple Macintosh G3/G4/G5)

postfix-ldap_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 36572 0a88dc7ab945722c44994c850b36dc09
postfix-mysql_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 32724 880fbe7900ad95803eb1d9d0e26a1cf4
postfix-pcre_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 32456 9946903ac57e73a22c159053be39c44d
postfix-pgsql_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 33024 850289233b4d68d1e8dcb8a347fc6cd9
postfix-tls_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 152468 d9e01c2eb71815f2da46870f0fa7353f
postfix_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 826188 77ed80d8e59e914124fc6bbafd07c3b2





--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung