| Vulnerability Name: | CVE-2008-3889 (CCN-44865) | ||||||||||||
| Assigned: | 2008-09-03 | ||||||||||||
| Published: | 2008-09-03 | ||||||||||||
| Updated: | 2018-10-11 | ||||||||||||
| Summary: | Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file. | ||||||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P) 1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-20 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2008-3889 Source: SUSE Type: UNKNOWN SUSE-SR:2008:018 Source: CCN Type: SA31716 Postfix epoll File Descriptor Leak Security Issue Source: SECUNIA Type: Vendor Advisory 31716 Source: SECUNIA Type: UNKNOWN 31800 Source: SECUNIA Type: UNKNOWN 31982 Source: SECUNIA Type: UNKNOWN 31986 Source: SECUNIA Type: UNKNOWN 32231 Source: GENTOO Type: UNKNOWN GLSA-200809-09 Source: SREASON Type: UNKNOWN 4239 Source: CCN Type: SECTRACK ID: 1020800 Postfix Linux epoll File Descriptor Leak Lets Local Users Deny Service Source: SECTRACK Type: UNKNOWN 1020800 Source: CONFIRM Type: UNKNOWN http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0311 Source: CCN Type: GLSA-200809-09 Postfix: Denial of Service Source: MANDRIVA Type: UNKNOWN MDVSA-2008:190 Source: CCN Type: OSVDB ID: 48108 Postfix epoll File Descriptor Leak Local DoS Source: CCN Type: Postfix Web site The Postfix Home Page Source: CCN Type: Postfix Announcements, 9/2/2008 Postfix Linux-only local denial of service Source: CONFIRM Type: Patch http://www.postfix.org/announcements/20080902.html Source: BUGTRAQ Type: UNKNOWN 20080902 Postfix Linux-only local denial of service Source: BUGTRAQ Type: UNKNOWN 20080916 [Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC Source: BUGTRAQ Type: UNKNOWN 20081104 rPSA-2008-0311-1 postfix Source: BID Type: UNKNOWN 30977 Source: CCN Type: BID-30977 Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability Source: CCN Type: TLSA-2008-33 Postfix denial of service Source: CCN Type: USN-642-1 Postfix vulnerability Source: UBUNTU Type: UNKNOWN USN-642-1 Source: MISC Type: UNKNOWN http://www.wekk.net/research/CVE-2008-3889/ Source: XF Type: UNKNOWN postfix-filedescriptor-dos(44865) Source: XF Type: UNKNOWN postfix-filedescriptor-dos(44865) Source: CCN Type: RPL-2769 postfix denial-of-service CVE-2008-3889 Source: EXPLOIT-DB Type: UNKNOWN 6472 Source: FEDORA Type: UNKNOWN FEDORA-2008-8595 Source: FEDORA Type: UNKNOWN FEDORA-2008-8593 Source: SUSE Type: SUSE-SR:2008:018 SUSE Security Summary Report | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||