PublicDate: 2008-08-18 19:41:00 UTC
Candidate: CVE-2008-2937
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937
Description:
 Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox
 file even when this file is not owned by the recipient, which allows local
 users to read e-mail messages by creating a mailbox file corresponding to
 another user's account name.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to: lamont
CVSS: 

Patches_postfix:
upstream_postfix: released (2.5.4)
dapper_postfix: not-affected (system not installed with a+w /var/mail)
feisty_postfix: not-affected (system not installed with a+w /var/mail)
gutsy_postfix: not-affected (system not installed with a+w /var/mail)
hardy_postfix: not-affected (system not installed with a+w /var/mail)
devel_postfix: not-affected (2.5.4-1ubuntu2)