2.1

CVE-2008-3889

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostfixPostfix Version2.4
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.4.0
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.4.1
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.4.2
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.4.3
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.4.4
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.4.5
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.4.6
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.4.7
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.4.8
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.5.1
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.5.2
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.5.3
   LinuxLinux Kernel Version2.6
PostfixPostfix Version2.6
   LinuxLinux Kernel Version2.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.71% 0.485
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://secunia.com/advisories/31982
http://secunia.com/advisories/32231
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html
http://secunia.com/advisories/31716
Vendor Advisory
http://secunia.com/advisories/31800
http://secunia.com/advisories/31986
http://security.gentoo.org/glsa/glsa-200809-09.xml
http://securityreason.com/securityalert/4239
http://securitytracker.com/id?1020800
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0311
http://www.mandriva.com/security/advisories?name=MDVSA-2008:190
http://www.postfix.org/announcements/20080902.html
Patch
http://www.securityfocus.com/archive/1/495894/100/0/threaded
http://www.securityfocus.com/archive/1/496420/100/0/threaded
http://www.securityfocus.com/archive/1/498037/100/0/threaded
http://www.securityfocus.com/bid/30977
http://www.ubuntu.com/usn/usn-642-1
http://www.wekk.net/research/CVE-2008-3889/
https://exchange.xforce.ibmcloud.com/vulnerabilities/44865
https://www.exploit-db.com/exploits/6472