Mandriva Linux Security Advisory 2009-224 – Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user’s account name. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83480/MDVSA-2009-224-1.txt
Source: https://packetstormsecurity.com/files/83480/Mandriva-Linux-Security-Advisory-2009-224.html