Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2008-3889
HistorySep 12, 2008 - 4:56 p.m.

CVE-2008-3889

2008-09-1216:56:20
CWE-20
mitre
web.nvd.nist.gov
48
postfix
linux
kernel
epoll
denial of service
cve-2008-3889

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

6

Confidence

High

EPSS

0

Percentile

10.1%

JSON

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of “non-Postfix” commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.

Affected configurations

Nvd
Node
linuxlinux_kernelMatch2.6
AND
postfixpostfixMatch2.4
OR
postfixpostfixMatch2.4.0
OR
postfixpostfixMatch2.4.1
OR
postfixpostfixMatch2.4.2
OR
postfixpostfixMatch2.4.3
OR
postfixpostfixMatch2.4.4
OR
postfixpostfixMatch2.4.5
OR
postfixpostfixMatch2.4.6
OR
postfixpostfixMatch2.4.7
OR
postfixpostfixMatch2.4.8
OR
postfixpostfixMatch2.5.1
OR
postfixpostfixMatch2.5.2
OR
postfixpostfixMatch2.5.3
OR
postfixpostfixMatch2.6
VendorProductVersionCPE
linuxlinux_kernel2.6cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*
postfixpostfix2.4cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*
postfixpostfix2.4.0cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*
postfixpostfix2.4.1cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*
postfixpostfix2.4.2cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*
postfixpostfix2.4.3cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*
postfixpostfix2.4.4cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*
postfixpostfix2.4.5cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*
postfixpostfix2.4.6cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*
postfixpostfix2.4.7cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*
Rows per page:
1-10 of 151

References

Related

openvas 10
nessus 8
ubuntu 1
nvd 2
cvelist 1
prion 2
gentoo 1
ubuntucve 1
debiancve 1
cve 1
exploitdb 1
zdt 1
exploitpack 1
seebug 3
fedora 2
openvas
openvas
Gentoo Security Advisory GLSA 200809-09 (postfix)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-642-1)
2009-03-23 00:00:00
Mandriva Update for postfix MDVSA-2008:190 (postfix)
2009-04-09 00:00:00
nessus
nessus
openSUSE 10 Security Update : postfix (postfix-5603)
2008-09-18 00:00:00
GLSA-200809-09 : Postfix: Denial of Service
2008-09-22 00:00:00
Mandriva Linux Security Advisory : postfix (MDVSA-2008:190)
2009-04-23 00:00:00
ubuntu
ubuntu
Postfix vulnerability
2008-09-10 00:00:00
nvd
nvd
CVE-2008-3889
2008-09-12 16:56:20
CVE-2008-4042
2008-09-11 21:06:47
cvelist
cvelist
CVE-2008-3889
2008-09-12 16:00:00
prion
prion
Command injection
2008-09-12 16:56:00
Design/Logic Flaw
2008-09-11 21:06:00
gentoo
gentoo
Postfix: Denial of service
2008-09-19 00:00:00
ubuntucve
ubuntucve
CVE-2008-3889
2008-09-12 00:00:00
debiancve
debiancve
CVE-2008-3889
2008-09-12 16:56:20
cve
cve
CVE-2008-4042
2008-09-11 21:06:47
exploitdb
exploitdb
Postfix < 2.4.9/2.5.5/2.6-20080902 - '.forward' Local Denial of Service
2008-09-16 00:00:00
zdt
zdt
Postfix < 2.4.9, 2.5.5, 2.6-20080902 (.forward) Local DoS Exploit
2008-09-16 00:00:00
exploitpack
exploitpack
Postfix 2.4.92.5.52.6-20080902 - .forward Local Denial of Service
2008-09-16 00:00:00
seebug
seebug
Postfix &lt; 2.4.9 2.5.5 2.6-20080902 (.forward) Local DoS Exploit
2008-09-16 00:00:00
Postfix &lt; 2.4.9, 2.5.5, 2.6-20080902 (.forward) Local DoS Exploit
2008-09-17 00:00:00
Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit
2014-07-01 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: postfix-2.5.5-1.fc8
2008-10-09 21:31:27
[SECURITY] Fedora 9 Update: postfix-2.5.5-1.fc9
2008-10-09 21:33:24

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

6

Confidence

High

EPSS

0

Percentile

10.1%

JSON
Related for CVE-2008-3889
openvas10nessus8ubuntu1nvd2cvelist1prion2gentoo1ubuntucve1debiancve1cve1exploitdb1zdt1exploitpack1seebug3fedora2