PT-2008-5224 · Linux+1
Marc Morata Fité
Published: 2008-09-12 · Updated: 2018-10-11
CVE-2008-3889
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Postfix versions 2.4 through 2.4.8
Postfix versions 2.5 through 2.5.4
Postfix versions 2.6 through 2.6-20080901
Description
The issue allows local users to cause a denial of service (application slowdown or exit) by executing a crafted command, for example a command in a .forward file. The command exploits the leak of epoll file descriptors that occurs when non-Postfix commands are executed and Postfix is used with the Linux 2.6 kernel.
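The class of bug described above, a descriptor that stays open in an external command because it lacks the close-on-exec flag, can be audited and closed off as follows. This is an added example, not Postfix code and not the vendor's patch; the helper names `survives_exec`, `count_inheritable` and `set_cloexec` and the scan limit of 256 are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <unistd.h>

/* 1 = fd stays open across exec(), 0 = close-on-exec, -1 = not an open fd. */
int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : ((flags & FD_CLOEXEC) ? 0 : 1);
}

/* Count descriptors above stderr that an exec'd command would inherit. */
int count_inheritable(int max_fd)
{
    int n = 0;
    for (int fd = 3; fd < max_fd; fd++)
        if (survives_exec(fd) == 1)
            n++;
    return n;
}

/* Mark an existing descriptor close-on-exec; 0 on success, -1 on error. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0 ? -1 : 0;
}

int main(void)
{
    int before = count_inheritable(256);
    int leaky = epoll_create(1);              /* created without FD_CLOEXEC */
    if (leaky < 0) {
        perror("epoll_create");
        return 1;
    }
    printf("new inheritable fds after epoll_create: %d\n", count_inheritable(256) - before);
    set_cloexec(leaky);                       /* retrofit the flag before any exec */
    printf("new inheritable fds after set_cloexec: %d\n", count_inheritable(256) - before);
    int safe = epoll_create1(EPOLL_CLOEXEC);  /* flag set atomically at creation */
    printf("epoll_create1(EPOLL_CLOEXEC) survives exec: %d\n", survives_exec(safe));
    close(leaky);
    close(safe);
    return 0;
}
```

A daemon that runs user-supplied commands can call a check like `count_inheritable` just before exec in a debug build to catch descriptors that were never meant to reach the child.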
Recommendations
For Postfix versions 2.4 through 2.4.8, update to version 2.4.9 or later.
For Postfix versions 2.5 through 2.5.4, update to version 2.5.5 or later.
For Postfix versions 2.6 through 2.6-20080901, update to version 2.6-20080902 or later.
Affected Products
Linux
Postfix