Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200809-09
HistorySep 19, 2008 - 12:00 a.m.

Postfix: Denial of service

2008-09-1900:00:00
Gentoo Foundation
security.gentoo.org
14

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

10.2%

JSON

Background

Postfix is Wietse Venema’s mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program.

Description

It has been discovered than Postfix leaks an epoll file descriptor when executing external commands, e.g. user-controlled $HOME/.forward or $HOME/.procmailrc files. NOTE: This vulnerability only concerns Postfix instances running on Linux 2.6 kernels.

Impact

A local attacker could exploit this vulnerability to reduce the performance of Postfix, and possibly trigger an assertion, resulting in a Denial of Service.

Workaround

Allow only trusted users to control delivery to non-Postfix commands.

Resolution

All Postfix 2.4 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.4.9"

All Postfix 2.5 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.5.5"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmail-mta/postfix< 2.4.9UNKNOWN

Related

ubuntu 1
nvd 2
nessus 8
cve 2
cvelist 1
openvas 10
ubuntucve 1
debiancve 1
prion 2
seebug 3
exploitpack 1
exploitdb 1
fedora 2
ubuntu
ubuntu
Postfix vulnerability
2008-09-10 00:00:00
nvd
nvd
CVE-2008-3889
2008-09-12 16:56:20
CVE-2008-4042
2008-09-11 21:06:47
nessus
nessus
GLSA-200809-09 : Postfix: Denial of Service
2008-09-22 00:00:00
Mandriva Linux Security Advisory : postfix (MDVSA-2008:190)
2009-04-23 00:00:00
openSUSE 10 Security Update : postfix (postfix-5603)
2008-09-18 00:00:00
cve
cve
CVE-2008-3889
2008-09-12 16:56:20
CVE-2008-4042
2008-09-11 21:06:47
cvelist
cvelist
CVE-2008-3889
2008-09-12 16:00:00
openvas
openvas
Ubuntu Update for postfix vulnerabilities USN-642-1
2009-03-23 00:00:00
Mandriva Update for postfix MDVSA-2008:190 (postfix)
2009-04-09 00:00:00
Ubuntu: Security Advisory (USN-642-1)
2009-03-23 00:00:00
ubuntucve
ubuntucve
CVE-2008-3889
2008-09-12 00:00:00
debiancve
debiancve
CVE-2008-3889
2008-09-12 16:56:20
prion
prion
Command injection
2008-09-12 16:56:00
Design/Logic Flaw
2008-09-11 21:06:00
seebug
seebug
Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit
2014-07-01 00:00:00
Postfix &lt; 2.4.9 2.5.5 2.6-20080902 (.forward) Local DoS Exploit
2008-09-16 00:00:00
Postfix &lt; 2.4.9, 2.5.5, 2.6-20080902 (.forward) Local DoS Exploit
2008-09-17 00:00:00
exploitpack
exploitpack
Postfix 2.4.92.5.52.6-20080902 - .forward Local Denial of Service
2008-09-16 00:00:00
exploitdb
exploitdb
Postfix &lt; 2.4.9/2.5.5/2.6-20080902 - &#039;.forward&#039; Local Denial of Service
2008-09-16 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: postfix-2.5.5-1.fc9
2008-10-09 21:33:24
[SECURITY] Fedora 8 Update: postfix-2.5.5-1.fc8
2008-10-09 21:31:27

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

10.2%

JSON
Related for GLSA-200809-09
ubuntu1nvd2nessus8cve2cvelist1openvas10ubuntucve1debiancve1prion2seebug3exploitpack1exploitdb1fedora2