CVE-2008-3889

Published: 12/09/2008 Updated: 11/10/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Postfix 2.4 prior to 2.4.9, 2.5 prior to 2.5.5, and 2.6 prior to 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.

Vulnerable Product

postfix postfix 2.4

postfix postfix 2.4.0

postfix postfix 2.4.7

postfix postfix 2.5.1

postfix postfix 2.4.5

postfix postfix 2.4.6

postfix postfix 2.4.1

postfix postfix 2.4.2

postfix postfix 2.5.2

postfix postfix 2.5.3

postfix postfix 2.4.3

postfix postfix 2.4.4

postfix postfix 2.4.8

postfix postfix 2.6

Vendor Advisories

Wietse Venema discovered that Postfix leaked internal file descriptors when executing non-Postfix commands. A local attacker could exploit this to cause Postfix to run out of descriptors, leading to a denial of service ...

Exploits

Denial of service exploit for Postfix versions 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel ...