DEBIAN-CVE-2008-2937

DEBIAN-CVE-2008-2937 PUBLISHED

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.

Affected Products

Vendor	Product	Versions
Debian:14	postfix	0, 0, 0
Debian:13	postfix	0, 0, 0
Debian:11	postfix	0, 0, 0
Debian:12	postfix	0, 0, 0

Timeline

Aug 18, 2008 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2008-2937 advisory

Open in Interactive Console →