2.1
CVE-2008-3889
- EPSS 0.71%
- Veröffentlicht 12.09.2008 16:56:20
- Zuletzt bearbeitet 16.06.2026 22:56:44
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.71% | 0.485 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://secunia.com/advisories/31982
http://secunia.com/advisories/32231
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html
http://secunia.com/advisories/31716
http://secunia.com/advisories/31800
http://secunia.com/advisories/31986
http://security.gentoo.org/glsa/glsa-200809-09.xml
http://securityreason.com/securityalert/4239
http://securitytracker.com/id?1020800
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0311
http://www.mandriva.com/security/advisories?name=MDVSA-2008:190
http://www.postfix.org/announcements/20080902.html
http://www.securityfocus.com/archive/1/495894/100/0/threaded
http://www.securityfocus.com/archive/1/496420/100/0/threaded
http://www.securityfocus.com/archive/1/498037/100/0/threaded
http://www.securityfocus.com/bid/30977
http://www.ubuntu.com/usn/usn-642-1
http://www.wekk.net/research/CVE-2008-3889/
https://exchange.xforce.ibmcloud.com/vulnerabilities/44865
https://www.exploit-db.com/exploits/6472