oss-sec mailing list archives
Re: CVE request: PostfixAdmin allows to delete protected aliases
From: <cve-assign () mitre org>
Date: Tue, 7 Feb 2017 20:12:24 -0500
https://github.com/postfixadmin/postfixadmin/pull/23

Thanks to a missing permission check, domain admins can delete aliases they are not allowed to delete (for example abuse@, which the server admin might have set up so that he gets all abuse mails).

Fix security hole in AliasHandler

Use CVE-2017-5930.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
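The bug class described in the message above, as an added illustration that is not part of the original post and is not PostfixAdmin's code: a delete path that checks domain ownership only, beside one that routes through the same authorization check as every other write. The class, method names, protected list and sample addresses are all hypothetical.

```php
<?php
declare(strict_types=1);
// Hypothetical model of the bug class; no name here is PostfixAdmin's own.
final class AliasStore
{
    // Constructed sample list of local parts reserved for the server admin.
    private const PROTECTED_LOCAL_PARTS = ['abuse', 'postmaster'];

    /** @param array<string,string> $aliases address => destination */
    public function __construct(private array $aliases) {}

    // Single authorization decision, meant to be shared by every write path.
    private function mayModify(string $alias, bool $isSuperAdmin, array $adminDomains): bool
    {
        [$local, $domain] = explode('@', $alias, 2) + [1 => ''];
        return $isSuperAdmin || (in_array($domain, $adminDomains, true)
            && !in_array($local, self::PROTECTED_LOCAL_PARTS, true));
    }

    // Before: the delete path checks domain ownership only.
    public function deleteUnchecked(string $alias, array $adminDomains): bool
    {
        $alias = strtolower($alias);
        $domain = explode('@', $alias, 2)[1] ?? '';
        if (!isset($this->aliases[$alias]) || !in_array($domain, $adminDomains, true)) {
            return false;
        }
        unset($this->aliases[$alias]);
        return true;
    }

    // After: delete goes through the same check as any other modification.
    public function delete(string $alias, bool $isSuperAdmin, array $adminDomains): bool
    {
        $alias = strtolower($alias);
        if (!isset($this->aliases[$alias]) || !$this->mayModify($alias, $isSuperAdmin, $adminDomains)) {
            return false;
        }
        unset($this->aliases[$alias]);
        return true;
    }
}
// Constructed sample data: one protected alias, one ordinary alias.
$seed = ['abuse@example.test' => 'root@example.test', 'sales@example.test' => 'bob@example.test'];
$before = new AliasStore($seed);
$after = new AliasStore($seed);
var_dump($before->deleteUnchecked('abuse@example.test', ['example.test'])); // domain admin, old path
var_dump($after->delete('abuse@example.test', false, ['example.test']));    // domain admin, checked path
var_dump($after->delete('sales@example.test', false, ['example.test']));    // domain admin, ordinary alias
var_dump($after->delete('abuse@example.test', true, []));                   // server admin
```

Constructor property promotion requires PHP 8.0 or later.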
Current thread:
- CVE request: PostfixAdmin allows to delete protected aliases Christian Boltz (Feb 07)
- Re: CVE request: PostfixAdmin allows to delete protected aliases cve-assign (Feb 07)
- Re: CVE request: PostfixAdmin allows to delete protected aliases Christian Boltz (Feb 08)