postfix is vulnerable to information disclosure. It was discovered that Postfix did not properly check the permissions of users’ mailbox files. A local attacker able to create files in the mail spool directory could use this flaw to create mailbox files for other local users, and be able to read mail delivered to those users.
ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY
ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html
secunia.com/advisories/31477
secunia.com/advisories/31485
secunia.com/advisories/31500
secunia.com/advisories/32231
security.gentoo.org/glsa/glsa-200808-12.xml
wiki.rpath.com/Advisories:rPSA-2008-0259
www.mandriva.com/security/advisories?name=MDVSA-2009:224
www.redhat.com/support/errata/RHSA-2011-0422.html
www.securityfocus.com/archive/1/495632/100/0/threaded
www.securityfocus.com/bid/30691
www.vupen.com/english/advisories/2008/2385
access.redhat.com/errata/RHSA-2011:0422
access.redhat.com/security/updates/classification/#moderate
exchange.xforce.ibmcloud.com/vulnerabilities/44461
issues.rpath.com/browse/RPL-2689
www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html