CVE-2008-3889

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service application slowdown or exit via a crafted command, as...

DEBIAN-CVE-2008-3889

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service application slowdown or exit via a crafted command, as...

CVE-2008-3889

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service application slowdown or exit via a crafted command, as...

CVE-2008-3889

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service application slowdown or exit via a crafted command, as...

Command injection

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service application slowdown or exit via a crafted command, as...

CVE-2008-3889

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service application slowdown or exit via a crafted command, as...

CVE-2008-3889

CVE-2008-3889 affects Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902 when used with Linux 2.6. It leaks epoll file descriptors during execution of non-Postfix commands (e.g., via .forward), enabling local denial of service (slowdown or exit). The vulnerability is exploita...

CVE-2008-3889

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service application slowdown or exit via a crafted command, as...

USN-642-1: Postfix vulnerability

Wietse Venema discovered that Postfix leaked internal file descriptors when executing non-Postfix commands. A local attacker could exploit this to cause Postfix to run out of descriptors, leading to a denial of service...

Postfix 'epoll' Linux事件处理器本地拒绝服务漏洞

BUGTRAQ ID: 30977 CNCAN ID：CNCAN-2008090307 Postfix是一款开放源代码的邮件传输代理，运行在不同类型的UNIX系统上。 Linux下的Postfix处理非Postfix命令存在问题，本地攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 Linux2.6内核下的Postfix 2.4在执行非postfix命令时存在epoll文件描述符泄漏，如一个用户的$HOME/.forward文件，本地用户访问泄漏的epoll文件描述符可对Postfix实现拒绝服务攻击。攻击可导致降低Postfix性能或使Postfix由于触发内部安全机制而自动关闭。...

FreeBSD Ports: postfix-policyd-weight

The remote host is missing an update to the system as announced in the referenced advisory. VID 072a53e0-0397-11dd-bd06-0017319806e7 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Debian Security Advisory DSA 1629-1 (postfix)

The remote host is missing an update to postfix announced via advisory DSA 1629-1. OpenVAS Vulnerability Test $Id: deb16291.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1629-1 postfix Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: postfix-policyd-weight

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Debian: Security Advisory (DSA-1629-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1629-1 (postfix)

The remote host is missing an update to postfix announced via advisory DSA 1629-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Postfix mail server hardlinks privilege escalation

It's possible to cause Postfix to deliver mail to system file by using hardlinks to symlink available against standard in Linux, IRIX, Solaris...

Postfix DoS

File descriptor leaks under Linux...

PoCfix (PoC for Postfix local root vuln - CVE-2008-2936)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, The recent vulnerability in Postfix discovered by Sebastian Krahmer is trivially exploitable when certain preconditions are met. Nevertheless, it's very difficult to find such conditions in a real-world scenario. I wrote this exploit for fun an...

Postfix Linux-only local denial of service

An on-line version of this announcement is available at http://www.postfix.org/announcements/20080902.html Summary: ======== Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a denial of service attack by a local user. There is no breach of data confidentiality or data integrity. This...

Postfix <= 2.6-20080814 (symlink) Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits ==================================================================== Postfix Tested: Ubuntu / Debian Madrid, 30.Aug.2008 Config writabledir=/tmp spooldir=/var/mail Use "postconf mailspooldirectory" to obtain this user=root target=/etc/passwd...