Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
BID:30977
Info
Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
| Bugtraq ID: | 30977 |
| Class: | Design Error |
| CVE: |
CVE-2008-3889 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 02 2008 12:00AM |
| Updated: | Apr 13 2015 10:15PM |
| Credit: | Wietse Venema |
| Vulnerable: |
Wietse Venema Postfix 2.5.4 Wietse Venema Postfix 2.4.8 Wietse Venema Postfix 2.6 Wietse Venema Postfix 2.5.4 Patchlevel 4 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux Turbolinux Server 10.0.0 x64 Turbolinux Client 2008 Turbolinux Appliance Server 3.0 x64 Turbolinux Appliance Server 3.0 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 rPath rPath Linux 2 Pardus Linux 2008 0 Mandriva Linux Mandrake 2008.1 x86_64 Mandriva Linux Mandrake 2008.1 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Gentoo Linux |
| Not Vulnerable: |
Wietse Venema Postfix 2.5.5 Wietse Venema Postfix 2.4.9 Wietse Venema Postfix 2.6-20080902 |
Discussion
Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
Postfix is prone to a local denial-of-service vulnerability because of a file-descriptor leak that occurs when it executes non-Postfix commands.
Local attackers can exploit this issue to trigger automatic Postfix shutdowns, denying service to legitimate users.
This issue affects Postfix 2.4 and later for Linux kernel 2.6 platforms.
Postfix is prone to a local denial-of-service vulnerability because of a file-descriptor leak that occurs when it executes non-Postfix commands.
Local attackers can exploit this issue to trigger automatic Postfix shutdowns, denying service to legitimate users.
This issue affects Postfix 2.4 and later for Linux kernel 2.6 platforms.
Exploit / POC
Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
The following proof-of-concept code is available:
The following proof-of-concept code is available:
Solution / Fix
Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
Mandriva Linux Mandrake 2008.1 x86_64
Mandriva Linux Mandrake 2008.1
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Solution:
The vendor has released updates. Please see the references for more information.
Mandriva Linux Mandrake 2008.1 x86_64
-
Mandriva lib64postfix1-2.5.1-2.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-2.5.1-2.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-ldap-2.5.1-2.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-mysql-2.5.1-2.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-pcre-2.5.1-2.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-pgsql-2.5.1-2.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.1
-
Mandriva libpostfix1-2.5.1-2.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-2.5.1-2.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-ldap-2.5.1-2.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-mysql-2.5.1-2.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-pcre-2.5.1-2.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-pgsql-2.5.1-2.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0 x86_64
-
Mandriva lib64postfix1-2.4.5-2.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-2.4.5-2.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-ldap-2.4.5-2.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-mysql-2.4.5-2.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-pcre-2.4.5-2.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-pgsql-2.4.5-2.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0
-
Mandriva libpostfix1-2.4.5-2.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-2.4.5-2.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-ldap-2.4.5-2.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-mysql-2.4.5-2.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-pcre-2.4.5-2.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva postfix-pgsql-2.4.5-2.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
References
Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
References:
References:
- Postfix Homepage (Wietse Venema)
- [Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC (Albert =?ISO-8859-1?Q?Sellar=E8s?=
- Postfix Linux-only local denial of service ([email protected] (Wietse Venema)