CVE-2017-5930

NameCVE-2017-5930
DescriptionThe AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs854742

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
postfixadmin (PTS)jessie2.3.7-1fixed
stretch3.0.2-2fixed
buster3.2.1-2fixed
sid, trixie, bookworm3.3.13-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postfixadminsourcewheezy(not affected)
postfixadminsourcejessie(not affected)
postfixadminsource(unstable)3.0.2-1854742

Notes

[jessie] - postfixadmin <not-affected> (Vulnerable code not present)
[wheezy] - postfixadmin <not-affected> (Vulnerable code not present)
https://www.openwall.com/lists/oss-security/2017/02/07/6
Search for package or bug name: Reporting problems