Lucene search
UbuntuUSN-642-1HistorySep 10, 2008 - 12:00 a.m.
Postfix vulnerability
2008-09-1000:00:00
ubuntu.com
32
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.2%
Releases
- Ubuntu 8.04
- Ubuntu 7.10
Packages
- postfix -
Details
Wietse Venema discovered that Postfix leaked internal file descriptors
when executing non-Postfix commands. A local attacker could exploit
this to cause Postfix to run out of descriptors, leading to a denial
of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 8.04 | noarch | postfix | < 2.5.1-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 8.04 | noarch | postfix-cdb | < 2.5.1-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 8.04 | noarch | postfix-ldap | < 2.5.1-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 8.04 | noarch | postfix-mysql | < 2.5.1-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 8.04 | noarch | postfix-pcre | < 2.5.1-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 8.04 | noarch | postfix-pgsql | < 2.5.1-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.10 | noarch | postfix | < 2.4.5-3ubuntu1.3 | UNKNOWN |
| Ubuntu | 7.10 | noarch | postfix-cdb | < 2.4.5-3ubuntu1.3 | UNKNOWN |
| Ubuntu | 7.10 | noarch | postfix-ldap | < 2.4.5-3ubuntu1.3 | UNKNOWN |
| Ubuntu | 7.10 | noarch | postfix-mysql | < 2.4.5-3ubuntu1.3 | UNKNOWN |
References
Related
nvd
nvd
CVE-2008-3889
2008-09-12 16:56:20
CVE-2008-4042
2008-09-11 21:06:47
nessus
nessus
GLSA-200809-09 : Postfix: Denial of Service
2008-09-22 00:00:00
Mandriva Linux Security Advisory : postfix (MDVSA-2008:190)
2009-04-23 00:00:00
openSUSE 10 Security Update : postfix (postfix-5603)
2008-09-18 00:00:00
cve
cve
CVE-2008-3889
2008-09-12 16:56:20
CVE-2008-4042
2008-09-11 21:06:47
cvelist
cvelist
CVE-2008-3889
2008-09-12 16:00:00
openvas
openvas
Ubuntu Update for postfix vulnerabilities USN-642-1
2009-03-23 00:00:00
Mandriva Update for postfix MDVSA-2008:190 (postfix)
2009-04-09 00:00:00
Ubuntu: Security Advisory (USN-642-1)
2009-03-23 00:00:00
ubuntucve
ubuntucve
CVE-2008-3889
2008-09-12 00:00:00
debiancve
debiancve
CVE-2008-3889
2008-09-12 16:56:20
gentoo
gentoo
Postfix: Denial of service
2008-09-19 00:00:00
prion
prion
Command injection
2008-09-12 16:56:00
Design/Logic Flaw
2008-09-11 21:06:00
seebug
seebug
Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit
2014-07-01 00:00:00
Postfix < 2.4.9 2.5.5 2.6-20080902 (.forward) Local DoS Exploit
2008-09-16 00:00:00
Postfix < 2.4.9, 2.5.5, 2.6-20080902 (.forward) Local DoS Exploit
2008-09-17 00:00:00
exploitpack
exploitpack
Postfix 2.4.92.5.52.6-20080902 - .forward Local Denial of Service
2008-09-16 00:00:00
exploitdb
exploitdb
fedora
fedora
[SECURITY] Fedora 9 Update: postfix-2.5.5-1.fc9
2008-10-09 21:33:24
[SECURITY] Fedora 8 Update: postfix-2.5.5-1.fc8
2008-10-09 21:31:27
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.2%
Related for USN-642-1